|
|
Posted by cover on 07/11/07 01:55
On Tue, 10 Jul 2007 06:07:24 +0200, "J.O. Aho" <user@example.net>
wrote:
>$query="SELECT * FROM table WHERE password_column='{$_POST['password']}'";
>$res=mysql_query($query);
>if(!mysql_num_rows($res)) {
> echo "sorry, the wrong password";
> exit;
>}
>
> echo "Wow, you know the password";
I started over... Can't seem to get anything but the 'sorry, wrong
password'.
The form writes to a database called 'actions' and a table called
'actions_tbl' and I'd like to continue to write to that table but only
if, the name and password that are queried on the write are consistent
with a name and password stored within the same database but another
table called 'password_tbl'
This particular form is an update form used to update existing records
into the 'actions_tbl' table. I'd like to add two text fields to the
update form ('text' and 'password') and write that to an additional
field I'll be adding in actions_tbl ('updated_by') to know who did the
update. That update person would have to enter a name and password
into the form that is pre-stored in password_tbl to be successful.
Upon writing to the database table actions_tbl, the name and password
would be checked via query of password_tbl to ensure whomever was in
the database and authorized to do an update. The existing update form
works great but again, there could be issues in not knowing who did
the update which leads to the desire to issue a basic login name and
password that would have to be used for updating records in the db.
I'd thought that perhaps somewhat the reverse of not allowing an empty
field to be processed might be on track but realize that a query will
have to be included to actually check the name and password against
what's in password_tbl so my empty field code as follows won't work
but here it is if it should help someone looking for that particular
fix.
if (!$source || !$type || !$area)
{
echo 'You have not entered all the required fields for this data
entry.<br />'
.'Please click the browser BACK button, complete the form
and try again.';
exit;
}
Anyway, thanks for the pointers and sorry if it seems like I'm getting
into rambling here - frustration coming through... lol
Navigation:
[Reply to this message]
|