-3

I have this PHP script, which updates the password in a MySQL table named "admin", but when I post the data it doesn't update the password.

Note: the script looks at the input name and the existing name; if they are the same, it updates the password for that name. Can anyone help me solve this? I am new to PHP.

Here is the script:

    <?php

    $fname='fname';
    $con=mysql_connect("localhost","root","mcl");
    mysql_select_db("mcl",$con);
    $user = $_POST['fname'];
    $pass = $_POST['password'];
    $result = mysql_query("SELECT password FROM admin WHERE fname='$fname'");
    if(!$result)
    {
        echo "The username you entered does not exist";
    }
    {
        echo"<a href=update.htm> Click here to signin</a>";
        exit;
    }
    if($user='fname')
    $sql=mysql_query("UPDATE admin SET password='$pass' where fname='$user'");
    if($sql)
    {
        echo "Congratulations You have successfully changed your password";
        echo"<br>";
        echo"<a href=index.php> Click here to signin </a>";
        exit;
    }
    {
        echo "The new password fail to update";
    }
    ?>

Don't worry about mysqli, I will consider that.

  • 2
    Don't store plain text passwords. – Havenard Dec 07 '13 at 16:15
  • And filter the user input with `mysql_real_escape_string()`. You are exposing your database to SQL Injection attacks. – Havenard Dec 07 '13 at 16:16
  • **Warning:** you're using [a **deprecated** database API](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) yourself from. – Marcel Korpel Dec 07 '13 at 16:21
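The two points raised in the comments above (plain-text passwords and SQL injection), shown as an added example that is not code from the original post or any answer. It assumes PDO with an in-memory SQLite database standing in for the MySQL `admin` table so it runs offline; `updatePassword()` and the sample row are hypothetical.

```php
<?php
// Added example. Assumption: SQLite in memory replaces the MySQL "admin"
// table; with MySQL only the PDO DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admin (fname TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Constructed sample row; the stored value is a hash, never the password.
$seed = $pdo->prepare('INSERT INTO admin (fname, password) VALUES (?, ?)');
$seed->execute(['alice', password_hash('old-password', PASSWORD_DEFAULT)]);

/**
 * Hypothetical helper: returns true only if exactly one row was updated.
 */
function updatePassword(PDO $pdo, string $user, string $newPass): bool
{
    if ($user === '' || $newPass === '') {
        return false;
    }
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $pdo->prepare('UPDATE admin SET password = :hash WHERE fname = :fname');
    $stmt->execute([
        ':hash'  => password_hash($newPass, PASSWORD_DEFAULT),
        ':fname' => $user,
    ]);
    // A query that matches no row still executes successfully, so
    // "user does not exist" must be read from the affected-row count.
    return $stmt->rowCount() === 1;
}

// Constructed inputs standing in for $_POST['fname'] and $_POST['password'].
var_dump(updatePassword($pdo, 'alice', 'new-password'));   // existing user
var_dump(updatePassword($pdo, "o'neil", 'new-password'));  // quote is plain data; no such user

// Sign-in side: compare with password_verify(), never with string equality.
$check = $pdo->prepare('SELECT password FROM admin WHERE fname = ?');
$check->execute(['alice']);
var_dump(password_verify('new-password', $check->fetchColumn()));
```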

4 Answers

2
    if($user=='fname')

Use the comparison operator; = is the assignment operator.

You are missing an else here

    else
    {  
    echo"<a href=update.htm> Click here to signin</a>";
       exit; 
    }

And change it to something more viable, even if it's a local project. "echo chamber"

Mihai
0

You have missed the else; there are a lot of places where the else condition is not completed properly.

Your code,

    $result = mysql_query("SELECT password FROM admin WHERE fname='$user'");
    if(!$result)
    {
        echo "The username you entered does not exist";
    }else{
        echo"<a href=update.htm> Click here to signin</a>";
        exit;
    }
    if($user=='fname'){
        $sql=mysql_query("UPDATE admin SET password='$pass' where fname='$user'");
        if($sql)
        {
            echo "Congratulations You have successfully changed your password";
            echo"<br>";
            echo"<a href=index.php> Click here to signin </a>";
            exit;
        }else{
            echo "The new password fail to update";
        }
    }

Krish R
0

Try this:

    $result = mysql_query("SELECT password FROM admin WHERE fname='$user'");

Prashant Borde
0

1. Use '=='

2. The else part was missing

    if($user=='fname')
    $sql=mysql_query("UPDATE admin SET password='$pass' where fname='$user'");
    if($sql)
    {
        echo "Congratulations You have successfully changed your password";
        echo"<br>";
        echo"<a href=index.php> Click here to signin </a>";
        exit;
    }
    else
    {
        echo "The new password fail to update";
    }

R R