-2

Update query not working with GET

$key = mysql_real_escape_string($_GET['key']) ;
$pass = mysql_real_escape_string(trim($_POST['pass'])) ;

$key1="UPDATE login SET pass = '" . $pass . "' WHERE 
                                        (key_id = '" . $key . "')";

the variable is passed like this newpassword.php?key=5384f

echo $key; variable does not yield any result ? what could be wrong?

for some reason it's updating all the other passwords except the one where key exists.

php_javascript_html_dev
  • 396
  • 4
  • 11
  • 25
  • Try to remove () in WHERE clause and please don't use `mysql_* ` functions they are removed in PHP 7 !! – Thomas Rollet Jan 28 '16 at 15:08
  • 1
    basic debugging: did you try `echo $key1` to see what your generated query look like? Never assume your sql syntax is correct, or that the query succeeds. – Marc B Jan 28 '16 at 15:08
  • 4
    Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Jan 28 '16 at 15:09
  • 3
    Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). – Jay Blanchard Jan 28 '16 at 15:09
  • 4
    @Daan: uh, outright false. you can have query (aka GET) variables on a POST request. however, you can't have POST data if the url is fetched via get. – Marc B Jan 28 '16 at 15:11
  • @MarcB Yes you're correct, I actually meant that `$_SERVER['REQUEST_METHOD']` (or basically a request) can never be get and post at the same time. – Daan Jan 28 '16 at 15:13
  • @Thomas Rollet I removed () but still no luck – php_javascript_html_dev Jan 28 '16 at 15:44

1 Answers1

0

It was a dumb mistake, I figured the error; I was posting to same page using <?php echo $_SERVER['PHP_SELF']?> . After posting to the page I was trying to retrieve the key using get and then trying to run the update query with it. This was not working as after post the url will change and key would be gone.

The solution was to capture the key value first and store it into the form as an invisible text item first and then post it to update.

php_javascript_html_dev
  • 396
  • 4
  • 11
  • 25