i have a form error when i put password and click submit button query executed but on database password row empty :(
please help me to sort out this problem i tried but didn't solve. php contain html via double quotes
thanks
<?php echo errormessage();
if(isset($_REQUEST['email']) && !empty($_REQUEST['email']) AND isset($_REQUEST['token']) && !empty($_REQUEST['token'])){
// Verify data
$email = mysql_prep($_REQUEST['email']); // Set email variable
$token = mysql_prep($_REQUEST['token']); // Set hash variable
$result = mysqli_query($connection,"SELECT email, hash FROM job_seeker WHERE email='".$email."' AND hash='".$token."'");
$num_rows = mysqli_num_rows($result);
if($num_rows > 0){
echo '<form method="post" action=""><table class="table table-bordered" width="100%" >
<tr>
<td width="40%">New Password :</td>
<td width="60%"><input type="password" required="" value="" name="pass"></td>
</tr>
<tr>
<td>Confirm New Password : </td>
<td><input type="password" required="" value="" name="cpass"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="submit" value="Update"></td>
</tr>
</table></form>';
//<?php //var_dump($_POST);
#$pass = mysql_prep($_POST['pass']);
#$cpass = mysql_prep($_POST['cpass']);
if(isset($_POST)){
if($pass == $cpass)
{
//echo $hashed_password = password_encrypt($pass);
$hashed_password = $pass;
$result = mysqli_query($connection,"UPDATE job_seeker SET hashed_password='$hashed_password', hash='' WHERE email='".$email."' AND hash='".$token."'");
if ($result) {
// Success
$_SESSION["message"] = "Password Successfully Changed.";
} else {
// Failure
$_SESSION["message"] = "Oops... Something went wrong.";
}
}
}
}else{
$_SESSION["message"] = "OOPS: Link Expired. Please check your inbox.";
}
}else{
//var_dump($_REQUEST);
redirect_to('index.php');
}
?>
The code line:
if(isset($_REQUEST['email']) && !empty($_REQUEST['email']) AND isset($_REQUEST['token']) && !empty($_REQUEST['token'])){
checks for the password and executes query only if the password (token) is posted.
Please update it to:
if(isset($_REQUEST['email']) && !empty($_REQUEST['email'])){
And you code will work.
Problem solved if(isset($_POST)){ lol every one gave new instruction except to change the code if(isset($_POST))
There are errors in the "password change" portion of your code.
$result = mysqli_query($connection,"UPDATE job_seeker SET hashed_password='$hashed_password', hash='' WHERE email='".$email."' AND hash='".$token."'");
depending on your php configuration, it might set the password column to
"$hashed_password"
or to whatever was in the variable $hashed_password
You probably meant to do this :
$result = mysqli_query($connection,"UPDATE job_seeker SET hashed_password='".$hashed_password."', hash='' WHERE email='".$email."' AND hash='".$token."'");
But that is still a terrible idea, because this is vulnerable to sql injection.
Also, make sure you have your column names right, down to the letter. ( i can't check that for you )
I could be because you have predefined Value in form.
Try to change this:
echo '<form method="post" action=""><table class="table table-bordered" width="100%" >
<tr>
<td width="40%">New Password :</td>
<td width="60%"><input type="password" required="" value="" name="pass"></td>
</tr>
<tr>
<td>Confirm New Password : </td>
<td><input type="password" required="" value="" name="cpass"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="submit" value="Update"></td>
</tr>
</table></form>';
For this:
echo '<form method="post" action=""><table class="table table-bordered" width="100%" >
<tr>
<td width="40%">New Password :</td>
<td width="60%"><input type="password" required="" name="pass"></td>
</tr>
<tr>
<td>Confirm New Password : </td>
<td><input type="password" required="" name="cpass"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="submit" value="Update"></td>
</tr>
</table></form>';
Without value attribute
Related
I'm working on a php login based on mysql table. It's all working fine w/in Chrome, however in both Firefox and Edge, when I type a username and password I am just brought back to the login page. (with correct OR incorrect credentials)
Here is my php code..
<?php session_start();
if(isset($_POST['login'])) {
$uname = $_POST['uname'];
$pass = $_POST['pass'];
$sel_user = $con->prepare("SELECT id, username, pass, gid FROM employees WHERE gid!=4 AND username=?");
$sel_user->execute([$uname]);
$check_user = $sel_user->fetch();
if(count($check_user)>0 && password_verify($pass, $check_user['pass'])) {
$_SESSION['username']=$check_user['username'];
header("Location: xadmin.php" );
exit;
}
else {
echo "<script>alert('Email or password is not correct')</script>";
}};?>
Here is the html form..
<form action="login.php" method="post">
<table width="100%" border="0">
<tbody>
<tr>
<td bgcolor="#3B3B3B" height ="35" class="BodyTxtB" align="center">Administrator Login</td></tr>
<tr height="20"><td></td></tr>
<tr>
<td class="BodyTxtB" align="center">Username</td>
</tr>
<tr>
<td class="BodyTxtB" align="center"><input type="text" class="BodyTxtBC" name="uname" required="required"/></td>
</tr>
<tr height="20"><td></td></tr>
<tr>
<td class="BodyTxtB" align="center">Password</td>
</tr>
<tr>
<td class="BodyTxtB" align="center"><input type="password" class="BodyTxtBC" name="pass" required="required"/></td>
</tr>
<tr height="20"><td></td></tr>
<tr height="35"><td align="center"><input type="image" src="images/btn_login.jpg" name="login" value="Login"/></td></tr>
<tr height="20"><td></td></tr>
</tbody>
</table>
</form>
Here is the validation from xadmin.php
<?php session_start();
if (!isset($_SESSION['username']))
{
header("Location: login.php?e=access_denied");
exit();
}
?>
Does anyone know what could be causing the issue?
UPDATE: Although not relevant to the original issue or provided answers, I have updated this post to fix the issue's of mysql injection and password encryption
Firefox/Edge don't pass through the name of <input type="image" ... />
If you do a print_r($_POST) and submit the form with Firefox you'll get:
Array
(
[login_x] => 0
[login_y] => 0
)
Do the same thing with Chrome, however:
Array
(
[login_x] => 8
[login_y] => 8
[login] => Login
)
... and there you have it.
You could pass through login as a hidden form field:
<input type="image" src="images/btn_login.jpg" />
<input type="hidden" name="login" value="Login" />
I'm trying to allow users to change their passwords in my site.
I'm getting stuck in the controller. My doubt is whether $sql = $this->db->select("*")->from("logins_table")->where('lt_username',$this->session->userdata('email'))->get(); is working or not.
My controller:
<?php
class Changepw extends MY_Controller {
public function Changepwd(){
}
public function reset() // we will load models here to check with database
{
$sql = $this->db->select("*")->from("logins_table")->where('lt_username',$this->session->userdata('email'))->get();
foreach ($sql->result() as $my_info) {
$db_password = $my_info->lt_password;
$db_id = $my_info->lt_id;
}
if($this->input->post('opassword') == $db_password && ($this->input->post('npassword') != '') && ($this->input->post('cpassword')!='')) {
$fixed_pw = mysql_real_escape_string(md5($this->input->post('npassword')));
$update = $this->db->query("Update 'logins_table' SET 'lt_password'= '$fixed_pw' WHERE 'id'= '$db_id'")or die(mysql_error());
//$this->form_validation->set_message('change',"sucess");
echo json_encode(array("success"=>true));
}else {
//$this->form_validation->set_message('change', "err");
echo json_encode(array("success"=>false));
}
exit;
}
}
and my view page is:
<table width="95%" border="0" cellspacing="5" cellpadding="5">
</tbody>
<tr>
<td width="35%" class="heading">Email</td>
<td><input type="text" name="email" ></td>
<tr>
<td class="heading">Existing Password</td>
<td><input type="password" name="opassword" ></td>
</tr>
<tr title="Ignore new password if you dont want to change password">
<td class="heading">New Password</td>
<td><input type="password" name="npassword"></td>
</tr>
<tr>
<td class="heading">Confirm Password</td>
<td><input type="password" name="cpassword"></td>
</tr>
<tr>
<td> </td>
<td><button name="Submit" id="forgotBtn" class="customBtn" value="Submit">Save changes</button>
</td>
<tr>
<td> </td>
<td ><div class="errorMsg" id="errMsg" style="display:none"> Error in updating </div></td>
</tr>
</tr>
</tbody>
</table>
</form>
$("#forgotBtn").on('click', function()
{
$.post( "/changepw/reset", $("#forgotForm").serialize(), // serializes the form's elements.
function(data) {
data = jQuery.parseJSON(data);
if(data.error == false) {
$("#successMsg").hide();
}else{
$("#errMsg").show();
}
} );
return false;
});
Thanks.
I think according to the code, your error is here.
$this->input->post('opassword') == $db_password// this line
While storing password in database you have used md5(), but here you are just checking for the plain text which is wrong
md5($this->input->post('opassword')) == $db_password
This should help you.
I am trying to create a sign up sheet for an assignment but i am having difficulty as i have to allow for admin rights so i decide to create a column called administrator in my table as a boolean ie true or false. on my sign up sheet i wish to use a checkbox if its checked they are an administrator if not then they are not.
how can i make the check box = 1 or 0 to the mysql statment?
here is the code for sign up:
<form method="POST" action="new-user 2.php">
<td>Full Name</td><td>
<input type="text" name="name"></td>
</tr>
<tr>
<td>Email</td>
<td>
<input type="text" name="email"></td>
</tr>
<tr>
<td>UserName</td>
<td>
<input type="text" name="user">
</td> </tr>
<tr>
<td>Password</td>
<td>
<input type="password" name="pass">
</td>
</tr>
<tr>
<td>Confirm Password </td>
<td><input type="password" name="cpass">
</td>
</tr>
</tr>
<tr>
<td>Administrator </td>
<td><input type="checkbox" name="cbox" />
</td>
</tr>
<tr>
<td>
<input id="button" type="submit" name="submit" value="Register">
</td>
</tr>
</form>
</table>
</fieldset>
</div>
</div>
</body>
</html>
<?php
if(isset($_POST['cbox']))
{
$administrator ='1';
}
else
{
$administrator ='0';
}
?>
Thank you
Update:
The new user2.php code is as follows:
require_once('connection.php');
function NewUser()
{
#$salt = 'sadfh9832asd34rf28asjvddap';
#$crypt = crypt ($salt .$password);
$fullname = $_POST['name'];
$userName = $_POST['user'];
$email = $_POST['email'];
$administrator =$_POST['administrator'];
#$password = crypt($_POST['pass']);
$password = md5($_POST['pass']);
echo "<hr>".$_POST['pass'] . "=[$password]<hr>";
#$password = stripslashes($password);
#$password = mysql_real_escape_string($password);
$query = "INSERT INTO `WebsiteUsers`(`fullname`, `userName`, `email`, `pass`, `administrator`) VALUES ('$fullname','$userName','$email','$password', 'administrator')";
$data = mysql_query ($query)or die(mysql_error());
echo "<hr>$query<hr>";
if($data)
{
echo "YOUR REGISTRATION IS COMPLETED...";
}
}
function SignUp()
{
if(!empty($_POST['user'])) //checking the 'user' name which is from Sign-Up.html, is it empty or have some text
{ $query = mysql_query("SELECT * FROM WebsiteUsers WHERE userName = '$_POST[user]'
AND pass = '$_POST[pass]'") or die(mysql_error());
if(!$row = mysql_fetch_array($query) or die(mysql_error()))
{
newuser();
}
else
{
echo "SORRY...YOU ARE ALREADY A REGISTERED USER..."; }
}
}
if(isset($_POST['submit']))
{
SignUp();
}
#header("location:index.html");
?>
<?php
$cookie_name = "cookieuser";
$cookie_value = $fullname;
setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/"); // 86400 = 1 day
?>
Give a value to the checkbox like this
<input type="checkbox" name="cbox" value="1" />
Then check if that value is assigned to the $_POST variable like this.
if($_POST['cbox'] == '1')
Complete code is listed below. I have done some modifications.
<form method="POST" action="new-user 2.php">
<td>Full Name</td><td>
<input type="text" name="name"></td>
</tr>
<tr>
<td>Email</td>
<td>
<input type="text" name="email"></td>
</tr>
<tr>
<td>UserName</td>
<td>
<input type="text" name="user">
</td> </tr>
<tr>
<td>Password</td>
<td>
<input type="password" name="pass">
</td>
</tr>
<tr>
<td>Confirm Password </td>
<td><input type="password" name="cpass">
</td>
</tr>
</tr>
<tr>
<td>Administrator </td>
<td><input type="checkbox" name="cbox" value="1" />
</td>
</tr>
<tr>
<td>
<input id="button" type="submit" name="submit" value="Register">
</td>
</tr>
</form>
</table>
</fieldset>
</div>
</div>
</body>
</html>
<?php
if(isset($_POST['cbox']))
{
if($_POST['cbox'] == '1'){
$administrator ='1';
}else{
$administrator ='0';
}
}else
{
$administrator ='0';
}
?>
Per your form elemenet, <form method="POST" action="new-user 2.php"> this script is submitting to new-user 2.php. If this page is new-user 2.php then $administrator will be 1 or 0 (as a string).
If this page is not new-user 2.php then this check:
<?php
if(isset($_POST['cbox']))
{
$administrator ='1';
}
else
{
$administrator ='0';
}
?>
will not run, because the PHP only executes on page load; it is not available once the page has loaded.
$_POST['cbox'] is either going to have the value of on or not be set.
You can see all values being submitted by outputting the POST after the form is submitted with this, print_r($_POST);.
If this is new-user 2.php then please update your question to where the usage of $administrator can be seen.
Per your update code the issue is you are checking the wrong form element. Your form element is cbox, not administrator. You also are open to SQL injections with this code and are using the deprecated driver, mysql_. You should switch up to mysqli or pdo.
On to your code... Your NewUser function should be updated to:
function NewUser()
{
#$salt = 'sadfh9832asd34rf28asjvddap';
#$crypt = crypt ($salt .$password);
$fullname = mysql_real_escape_string($_POST['name']);
$userName = mysql_real_escape_string($_POST['user']);
$email = mysql_real_escape_string($_POST['email']);
$administrator = isset($_POST['cbox']) ? 1 : 0;
#$password = crypt($_POST['pass']);
$password = md5($_POST['pass']);
echo "<hr>".$_POST['pass'] . "=[$password]<hr>";
#$password = stripslashes($password);
#$password = mysql_real_escape_string($password);
$query = "INSERT INTO `WebsiteUsers`(`fullname`, `userName`, `email`, `pass`, `administrator`) VALUES ('$fullname','$userName','$email','$password', $administrator)";
$data = mysql_query ($query)or die(mysql_error());
echo "<hr>$query<hr>";
if($data)
{
echo "YOUR REGISTRATION IS COMPLETED...";
}
}
Note the escaping and $administrator = isset($_POST['cbox']) ? 1 : 0;.
i am creating a code for email confirmation link. user inserted email id , n stores in db. Next time when user insert id into form, first of all it will check whether email id is already present in db or not. If y then said 'already exists' & if n then insert it into db. Initially i am inserting data into db. then i want to compare user input email is with db email id. so i dont know how i retrieve data on pg then compare it. here is my code
<html>
<body>
<form name="form" method="post">
<table>
<tr>
<td>First Name</td>
<td><input type="text" name="fname" required pattern="[a-zA-Z]+" /></td>
</tr>
<tr>
<td>Last Name</td>
<td><input type="text" name="lname" required pattern="[a-zA-Z]+" /></td>
</tr>
<tr>
<td>Email Id</td>
<td><input type="email" name="mail" required /></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="submit" value="submit" /></td>
</tr>
</table>
</form>
<?php
include 'connection.php';
if(isset($_POST["submit"]))
{
$fname="'".trim(addslashes($_POST["fname"]))."'";
$lname="'".trim(addslashes($_POST["lname"]))."'";
$email="'".trim(addslashes($_POST["mail"]))."'";
$key="'".MD5(microtime())."'";
$to=$email;
$subject="Confirm your email id";
$message="Hello $fname
Click on below link to confirm your id.
www.vs.com/abcdefghojklmnopqrstuvwxyz.php?code=$key
";
$header="From :sneha#valencynetworks.com";
// echo $fname."<br />".$email."<br />".$to."<br />".$subject."<br />".$message."<br />".$header;
if(mail($to,$subject,$message,$header))
{
$sql="insert into confirm_emailid values($email,$fname,$lname,$key,'1')";
if(mysqli_query($con,$sql))
{
die("Check your id for confirmation".mysqli_error($con));
}
}
/*$sql1=mysqli_query($con,"select * from random_key where eid=$email");
while($row=mysqli_fetch_assoc($sql1))
{
echo $row['eid'];
}*/
$result="SELECT count(eid) as number_of_occurences FROM confirm_emailid WHERE eid = $_POST['mail']";
if ($row['number_of_occurences'] == 0) {
echo "this adresse isn't in the database, so add it !";
}
else {
echo "already in the database :(";
}
mysqli_close($con);
}
?>
</body>
</html>
The best way is to use Ajax for compare this email field with database emails.
Steps :
List item
On focusout from email field call ajax request
This ajax request fields contain user entered email
on php page its checks whether email exists o not if exists it gives false flag and if not it gives true flag.
4.From this method you can check email without page loading.
When your form is submited, you have an array $_POST.
So, you just have to select from your database the sames values : exemple :
SELECT count(id) as number_of_occurences FROM member WHERE mail_adresse = $_POST['e-mail'] ;
You fetch the data like you did other times, and just compare $row['number_of_occurences'] to 0.
if ($row['number_of_occurences'] == 0) {
this adresse isn't in the database, so add it !
}
else {
already in the database :(
}
index.php
<html>
<body>
<form name="form" method="post" action="process.php">
<table>
<tr>
<td>First Name</td>
<td><input type="text" name="fname" required pattern="[a-zA-Z]+" /></td>
</tr>
<tr>
<td>Last Name</td>
<td><input type="text" name="lname" required pattern="[a-zA-Z]+" /></td>
</tr>
<tr>
<td>Email Id</td>
<td><input type="email" name="mail" required /></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="submit" value="submit" /></td>
</tr>
</table>
</form>
</body>
process.php
<?php
$host = "localhost";
$user = "root";
$password = "yourpass";
$database = "your database name";
// Establish server connection and select database
$dbh = mysqli_connect($host, $user, $password, $database);
if (mysqli_connect_errno()) {
die('Unable to connect to database ' . mysqli_connect_error());
} else {
// run query to fetch records
// $result = mysqli_query($dbh, "SELECT email_address FROM users ");
/* fetch associative array */
$email = $_POST['mail'];
$query = "SELECT `eid` FROM `confirm_emailid` WHERE `eid` = '$email'";
$result = mysqli_query($dbh, $query); //$link is the connection
if (mysqli_num_rows($result) > 0) {
die('email already exists');
} else {
$query = mysqli_query($dbh, "insert into users(email_address) values('$email')");
echo 'data inserted succesfully';
}
}
So I'm having a challenge with a subscription system that I've been building.
I'm using a simple login php page to validate the username and password of the user against the DB, once authenticated the script creates a secure session and calls the edit_subscription.php file and passes the ID of the user through the Url.
The edit_subscription.php file takes the ID and pulls the user info using MYsql
and loads their info into a form. The user can then edit or modify their subscription details and press the submit button to update the DB.
Everything works except the mysql Update back to the DB.
I've managed to narrow the problem down to the ID variable
If I hardcode the variable into the update command it works and the db is updated
If I hardcode the ID into a variable used in the update command, it works up to a point. if I move that hardcoded variable in front of line 42 the update command will no longer work.
I think it's something to do with the post command, but even when I load the old ID into a hidden form and try to have it repost for the update command it still doesn't work and treats the variable as if it's empty.
I've tried for hours to get this working, and just can seem to get it going.
anyone have any suggestions pertaining to specifically this issue
(please don't comment of security or, best practices unless it relates specifically to the issue described thanks)
<?
$id = htmlspecialchars($_GET['ID']);
$username="****";
$database="****";
$host="****";
$pass ="****";
mysql_connect($host,$username,$pass);
#mysql_select_db($database) or die( "Unable to select database");
$result = mysql_query("SELECT * FROM `****`.`****` WHERE `Subscriber ID` = '$id' LIMIT 1");
$name_old=mysql_result($result,0,"Name");
$address1_old=mysql_result($result,0,"Address 1");
$address2_old=mysql_result($result,0,"Address 2");
$city_old=mysql_result($result,0,"City");
$prov_old=mysql_result($result,0,"Prov");
$postal_old=mysql_result($result,0,"Postal");
$country_old=mysql_result($result,0,"Country");
$email_old=mysql_result($result,0,"Email");
$qty_old=mysql_result($result,0,"qty");
$status_old=mysql_result($result,0,"Status");
$ezine_old=mysql_result($result,0,"Ezine");
$mailout_old=mysql_result($result,0,"Mailout");
$password_old=mysql_result($result,0,"Password");
$nameErr = $emailErr = $passwordErr = "";
$name=$_POST['name'];
$email=$_POST['email'];
$address1=$_POST['address1'];
$address2=$_POST['address2'];
$city=$_POST['city'];
$province=$_POST['prov'];
$postal=$_POST['postal'];
$country=$_POST['country'];
$password=$_POST['password'];
$mailout=$_POST['mailout'];
$ezine=$_POST['ezine'];
$status="Subscribed";
$qty=$_POST['qty'];
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["password"])) {
$passwordErr = "* Password is required";
}
if (empty($_POST["name"])) {
$nameErr = "* Name is required";
} else {
$name = test_input($_POST["name"]);
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameErr = "* Invalid Characters";
}
}
if(isset($_POST['mailout'])){}
else{
$mailout="NO";
}
if(isset($_POST['ezine'])){}
else{
$ezine="NO";
}
if (empty($_POST["email"])) {
$emailErr = "* Email is required";
} else {
$email = test_input($_POST["email"]);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "* Invalid email";
}
}
if($name != NULL AND $nameErr == ""){
if($email != NULL AND $emailErr == ""){
if($password != NULL AND $passwordErr == ""){
mysql_query("UPDATE `Subscribers` SET
`Name` ='$name',
`Email` = '$email',
`Address 1` = '$address1',
`Address 2` = '$address2',
`City` = '$city',
`Prov` = '$province',
`Postal` = '$postal',
`Country` = '$country',
`Password` = '$password',
`qty` = '$qty',
`Status` = '$status',
`Mailout` = '$mailout',
`Ezine` = '$ezine',
WHERE `Subscriber ID` = $id");
mysql_close();
echo ("<p align=\"center\"><font color=\"red\">Thank you for updating your subscription, you should receive an email confirmation shortly</font></p>");
}
}
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<table width="100%" border="0">
<tr>
<td width="11%" align="right">Name</td>
<td width="3%"> </td>
<td width="47%"><input type="text" name="name" value="<?php echo $name_old;?>">
<font color="red"> <?php echo $nameErr;?></font></td>
<td width="39%" bgcolor="#CCCCCC"><input type="checkbox" name="ezine" value="YES"
<? if($ezine_old =="YES"){echo "checked";} ?>>
Subscribe by email</td>
</tr>
<tr>
<td width="11%" align="right">Address 1</td>
<td> </td>
<td width="47%"><input type="text" name="address1" value="<?php echo $address1_old;?>"></td>
<td bgcolor="#CCCCCC"><input type="checkbox" name="mailout" value="YES" <? if($mailout_old =="YES"){echo "checked";} ?>>
Subscribe by Post </td>
</tr>
<tr>
<td width="11%" align="right">Address 2</td>
<td> </td>
<td width="47%"><input type="text" name="address2" value="<?php echo $address2_old;?>"></td>
<td bgcolor="#CCCCCC"><input type="text" name="qty" value="<?php echo $qty_old;?>" size="5">
# of copies.</td>
</tr>
<tr>
<td align="right">City</td>
<td> </td>
<td><input type="text" name="city" value="<?php echo $city_old;?>"></td>
<td> </td>
</tr>
<tr>
<td align="right">Province</td>
<td> </td>
<td><input type="text" name="prov" value="<?php echo $prov_old;?>" >
<td> </td>
</tr>
<tr>
<td align="right">Postal</td>
<td> </td>
<td><input type="text" name="postal"value="<?php echo $postal_old;?>" ></td>
<td></td>
</tr>
<tr>
<td align="right">Country</td>
<td> </td>
<td><input type="text" name="country" value="<?php echo $country_old;?>" ></td>
<td> </td>
</tr>
<tr>
<td align="right">Email</td>
<td> </td>
<td colspan="2"><input type="text" name="email" value="<?php echo $email_old;?>">
<font color="red"><?php echo $emailErr;?></font></td>
</tr>
<tr>
<td align="right">Password</td>
<td> </td>
<td colspan="2"><input type="password" name="password" value="<?php echo $password_old;?>">
<font color="red"> <?php echo $passwordErr;?></font></td>
</tr>
<tr>
<td align="right"> </td>
<td> </td>
<td> </td>
<td></td>
</tr>
<tr>
<td align="right"> </td>
<td><img src="images/shim.png" width="20" height="20" /></td>
<td><input type="Submit" ></td>
<td> </td>
</tr>
</table>
<p> </p>
</form>
There is a comma after
Ezine = '$ezine' ,
Remove it. Also you shall also use mysqli extension or PDO sql . mysql_ is deprecated
As you said, there is a lot wrong with that code.. however to satisfy your question here is the simple answer:
You left an extra comma in your update statement.
`Ezine` = '$ezine',
In the future try always checking if the query went through.
$result = mysql_query(..);
if($result) {
// it worked
} else {
// it failed
echo mysql_error(); // or mysqli_error($link); or $link->error, etc.
}
Best of luck