|  | Posted by J.O. Aho on 07/10/07 15:51 
cover wrote:> On Tue, 10 Jul 2007 07:34:35 +0200, "J.O. Aho" <user@example.net>
 > wrote:
 >
 >> Yes, in the case you want that the user will be using both a login name and
 >> password, if you only want a password, you have to see that the password is
 >> unique, otherwise the users can be mixed up (while using login+pass the
 >> likelihood is a lot less that you have two persons with the same login and
 >> password, of course you should see to have only one user for each
 >> username/login you use).
 >
 > Would something like this work where there might be two tables, one
 > with the data you're trying to update and the second only holding the
 > user name and password where conditions had to be met at update.
 
 > mysql_query("UPDATE actions_tbl SET date='$ud_date',
 > targmonth='$ud_targmonth', targyear='$ud_targyear',
 > 	assignedto='$ud_assignedto', datecomp='$ud_datecomp',
 > status='$ud_status', referenceno='$ud_referenceno'
 > 	WHERE id='$ud_id' AND WHERE password_tbl
 > updater_column='$updater' AND password_column='$password'") or
 > die("Update Error: ".mysql_error());
 >
 > echo "Record Updated";
 > mysql_close();
 
 No, that won't work, do
 
 $pass_query="SELECT * FROM table WHERE password_column='{$_POST['password']}'
 AND user_column='{$_POST['username']}'";
 $res=mysql_query($pass_query);
 if(mysql_num_rows($res)) {
 $query="UPDATE actions_tbl SET date='$ud_date',
 targmonth='$ud_targmonth', targyear='$ud_targyear',
 assignedto='$ud_assignedto', datecomp='$ud_datecomp',
 status='$ud_status', referenceno='$ud_referenceno'
 WHERE id='$ud_id'";
 mysql_query($query);
 $time=date('Y-m-d h:n');
 shell_exec("echo \"{$time} {$_POST['username']}: {$query}\" >>
 /path/to/sqlupdate.log");
 }
 
 This way you check if the user is allowed to make the update and up do the
 update and then register the update to the logfile.
 
 
 --
 
 //Aho
 [Back to original message] |