-1

Can someone help me figure out the problem? I'm new to PHP and am now trying to send data from Android to MySQL. I want to update the password based on the user's name. I've tried to code it, but I get an error when the update button is clicked.

```java
public void changePassword(final String name, final String password)
{
    class UpdateUser extends AsyncTask<Void,Void,String> {
        ProgressDialog loading;
        @Override
        protected void onPreExecute() {
            super.onPreExecute();
            loading = ProgressDialog.show(ForgetPassword.this,"Updating...","Wait...",false,false);
        }

        @Override
        protected void onPostExecute(String s) {
            super.onPostExecute(s);
            loading.dismiss();
            Toast.makeText(ForgetPassword.this,s,Toast.LENGTH_LONG).show();
        }

        @Override
        protected String doInBackground(Void... params) {
            HashMap<String,String> hashMap = new HashMap<>();
            hashMap.put(Config.KEY_USER_NAME,name);
            hashMap.put(Config.KEY_PASSWORD,password);

            RequestHandler rh = new RequestHandler();

            String s = rh.sendPostRequest(Config.UPDATE_USER_URL,hashMap);

            return s;
        }
    }

    UpdateUser ue = new UpdateUser();
    ue.execute();
}
```

UpdateUser.php

```php
<?php 
    if($_SERVER['REQUEST_METHOD']=='POST'){
        //Getting values 

        $name = $_POST['name'];
        $pssword = $_POST['password'];


        //importing database connection script 
        require_once('dbConnect.php');

        //Creating sql query 
        $sql = "UPDATE users SET password = '$password' WHERE name = $name;";

        //Updating database table 
        if(mysqli_query($con,$sql)){
            echo ' Updated Successfully';
        }else{
            echo 'Could Not Update users Try Again';
        }

        //closing connection 
        mysqli_close($con);
    }
?>
```

I get the message `Could Not Update users Try Again`.

Tony
  • Where do you instantiate `$con` ? – em_ Dec 28 '15 at 16:58
  • I can't help with the Android stuff, but for PHP/SQL: Add error reporting to the top of your file(s) right after your opening PHP tag for example ` – Funk Forty Niner Dec 28 '15 at 16:58
  • In doing that ^ `WHERE name = $name;";` would have thrown you a syntax error. `$name` is a string and must be quoted and error reporting about `$pssword` – Funk Forty Niner Dec 28 '15 at 16:59
  • @Fred-ii- I check in URL, nothing is displayed – Tony Dec 28 '15 at 17:02
  • Please stop down-voting my question :( – Tony Dec 28 '15 at 17:02
  • Write the `$_POST` to the error log. You can check whether the correct values have been received from your app. – frz3993 Dec 28 '15 at 17:07
  • Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). – Jay Blanchard Dec 28 '15 at 17:22
  • Noted, with thanks. Will read through the `password_hash()` – Tony Dec 28 '15 at 17:31

3 Answers

2

You should add error reporting to your PHP code and check the logs.

```php
$pssword = $_POST['password'];
```

The `$password` variable is not correctly spelled.

PS: please do not use that code in a production environment, you should never trust user input.

Miguel Mesquita Alfaiate
  • Did you mean should be `$sql = "UPDATE users SET password = '$pssword' WHERE name = $name;"` ? I changed it but still cannot update ; – Tony Dec 28 '15 at 17:01
  • @Tony that might not be the only issue, but it is visibly wrong by the code you posted. $con might be another cause. – Miguel Mesquita Alfaiate Dec 28 '15 at 17:02
1

You have an error in your SQL syntax. The name column is, I assume, a text column, so it needs quotes around the `$data`, i.e. `'$data'`.

Also, if you output a real error message it will help you solve these issues yourself in future.

And of course the error with setting `$pssword` and using `$password`.

```php
<?php 
    if($_SERVER['REQUEST_METHOD']=='POST'){
        //Getting values 

        $name = $_POST['name'];

        // fix variable name used later
        $password = $_POST['password'];


        //importing database connection script 
        require_once('dbConnect.php');

        //Creating sql query 
        // error here
        //$sql = "UPDATE users SET password = '$password' WHERE name = $name;";
        $sql = "UPDATE users 
                  SET password = '$password' 
                WHERE name = '$name'";

        //Updating database table 
        if(mysqli_query($con,$sql)){
            echo ' Updated Successfully';
        }else{
            // replace with an actual database error output
            //echo 'Could Not Update users Try Again';
            echo mysqli_error($con);
            exit;
        }

        //closing connection 
        mysqli_close($con);
    }
?>
```

Also, when it comes to storing passwords on your database, they should really be hashed using the standard PHP function `password_hash()`. See the manual.

RiggsFolly
0

Firstly, had you used error reporting and checked for errors on your query, you would have seen the errors it would have thrown you.

`WHERE name = $name;";` needs to be quoted, since it's a string:

```php
WHERE name = '$name';";
```

Then, the undefined variable `$password` in your query, where you are assigning it in `$pssword = $_POST['password'];` (or meant to assign it as). But, that could just be a typo on your part.


Passwords

I also noticed that you may be storing passwords in plain text. This is not recommended.

Use one of the following:

Other links:

Your present code is open to SQL injection. Use mysqli_* with prepared statements, or PDO with prepared statements.

References:

and apply that to your code.

Add error reporting to the top of your file(s) which will help find errors.

```php
<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// rest of your code
```

Sidenote: Displaying errors should only be done in staging, and never production.

And add `or die(mysqli_error($con))` to `mysqli_query()`.

This doesn't help you:

```php
if(mysqli_query($con,$sql)){
    echo ' Updated Successfully';
}else{
    echo 'Could Not Update users Try Again';
}
```

This will:

```php
if(mysqli_query($con,$sql)){
    echo ' Updated Successfully';
}else{
    echo "Error: " . mysqli_error($con);
}
```

For the Android code though, I won't be able to help you there, if there are any errors in there.

Also, make sure that you are successfully connected to your database and using the same MySQL API as your query, being `mysqli_`. That is unknown. If you are using `mysql_` or PDO to connect with, then that won't work. You must use the same one from connection to query.

Reference:

Plus, if there are any characters that MySQL will complain about (such as apostrophes), then you will need to escape your data; something you should be doing anyway.

So your code would now read as:

```php
<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

if($_SERVER['REQUEST_METHOD']=='POST'){
    //importing database connection script 
    //(must come first: mysqli_real_escape_string() needs an open connection in $con)
    require_once('dbConnect.php');

    //Getting values 
    $name = mysqli_real_escape_string($con, $_POST['name']);
    $password = mysqli_real_escape_string($con, $_POST['password']);

    //Creating sql query 
    $sql = "UPDATE users SET password = '$password' WHERE name = '$name';";

    if(mysqli_query($con,$sql)){
        echo ' Updated Successfully';
    }else{
        echo "Error" . mysqli_error($con);
    }

    //closing connection 
    mysqli_close($con);
}
```
Community
Funk Forty Niner
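
The prepared-statement and `password_hash()` advice given in the answers above, combined into one added example that is not part of any answer or of the asker's project. It uses PDO with an in-memory SQLite database as a stand-in for the MySQL connection so it runs offline; the function name `updatePassword` and the sample rows are assumptions, and the `users` table layout follows the question.

```php
<?php
// Added example, not code from the question or answers.
// Assumptions: a `users` table with `name` and `password` columns (as in the
// question); an in-memory SQLite database stands in for the MySQL connection
// so the script runs offline. For MySQL only the PDO DSN changes.
declare(strict_types=1);

function updatePassword(PDO $db, string $name, string $password): int
{
    // Store a salted hash, never the plain-text password.
    $hash = password_hash($password, PASSWORD_DEFAULT);

    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare('UPDATE users SET password = :hash WHERE name = :name');
    $stmt->execute([':hash' => $hash, ':name' => $name]);

    return $stmt->rowCount(); // number of rows actually changed
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // fail loudly
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)');

// Constructed sample rows.
$seed = $db->prepare('INSERT INTO users (name, password) VALUES (?, ?)');
foreach (["tony", "O'Brien"] as $user) {
    $seed->execute([$user, password_hash('old-secret', PASSWORD_DEFAULT)]);
}

// A name with an apostrophe needs no manual escaping.
echo updatePassword($db, "O'Brien", 'new-secret'), " row(s) updated\n";

// Input containing SQL syntax is compared as a literal name, so no row matches.
echo updatePassword($db, "tony' OR '1'='1", 'some-value'), " row(s) updated\n";

// Check a login attempt with password_verify(), never by comparing strings.
$check = $db->prepare('SELECT password FROM users WHERE name = ?');
$check->execute(["O'Brien"]);
$stored = $check->fetchColumn();
var_dump(password_verify('new-secret', $stored)); // tests the new password
var_dump(password_verify('old-secret', $stored)); // tests the replaced password
```

Returning the affected-row count lets the endpoint distinguish "no such user" from a database error, which the original `if(mysqli_query(...))` check could not do.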