MySQL, Changing a value of a field[RESOLVED]

[espylacopa]

I am writing a web program and I need to have a way for the admin to change either the admin password or the standard password (user name view)

I need to know what I have to do with my code to get it working properly.

Or, maybe someone has code already where I just have to change the names of the fields? Im sure it is simple code, it just has to determine which submit button was clicked and then use the proper query to update the password field.

Please help

VB Code:

<?php
include("cn.php");
include("common.php");
checklogin();
 
$msg = "";
$password = "";
 
 
 
 
$_POST['Submit']
{
 
    $password = $_POST['password'];
    
    
    
        $result = mysql_query("Update admin set password='$password');
        $msg="Admin Password Changed"
    
}
?>
<html>
<head>
<title>Administration</title>
</head>
 
<body bgcolor="#BCCDCC">
 
<table width="76%" border="1" align="center" cellpadding="1" cellspacing="1" bgcolor="#FFFFFF">
  <tr> 
    <td width="3%" bgcolor="#CCCCCC"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">&nbsp;</font></td>
    <td width="97%" bgcolor="#CCCCCC"><font size="2" face="Verdana, Arial, Helvetica, sans-serif"><strong>Records</strong></font></td>
  </tr>
  <tr> 
    <td><font size="1" face="Verdana, Arial, Helvetica, sans-serif">&nbsp;</font></td>
    <td><font size="1" face="Verdana, Arial, Helvetica, sans-serif">&nbsp;</font></td>
  </tr>
  <tr> 
    <td><font size="1" face="Verdana, Arial, Helvetica, sans-serif">&nbsp;</font></td>
    <td><font size="1" face="Verdana, Arial, Helvetica, sans-serif"><a href="newrecord.php">Addnew 
      Record </a></font></td>
  </tr>
  <tr> 
    <td><font size="1" face="Verdana, Arial, Helvetica, sans-serif">&nbsp;</font></td>
    <td><font size="1" face="Verdana, Arial, Helvetica, sans-serif"><a href="listrecord.php">Edit/View 
      Records</a></font></td>
  </tr>
  <tr> 
    <td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">&nbsp;</font></td>
    <td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">&nbsp;</font></td>
  </tr>
 
</table>
<form name="form1" method="post" action="">
 
    <table width="48%" border="1" align="center" cellpadding="1" cellspacing="1" bordercolor="#000000">
   <tr><td colspan="2">Change Admin Password</td></tr> 
    <tr> 
      <td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">New Password</font></td>
      <td><font size="2" face="Verdana, Arial, Helvetica, sans-serif"> 
        <input name="password" type="password" id="password">
        </font></td>
    </tr>
    <tr> 
      <td>&nbsp;</td>
      <td><input type="submit" name="Submit" value="Submit"></td>
    </tr>
  </table>
<p>&nbsp;</p></form>
<form name="form1" method="post" action="">
 
    <table width="48%" border="1" align="center" cellpadding="1" cellspacing="1" bordercolor="#000000">
   <tr><td colspan="2">Change View Password</td></tr> 
    <tr> 
      <td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">New Password</font></td>
      <td><font size="2" face="Verdana, Arial, Helvetica, sans-serif"> 
        <input name="password" type="password" id="password">
        </font></td>
    </tr>
    <tr> 
      <td>&nbsp;</td>
      <td><input type="submit" name="Submit" value="Submit"></td>
    </tr>
  </table>
<p>&nbsp;</p></form>
</body>
</html>

[visualAd]

Your code seems to be somewhat incomplete. You are missing an if statment and you are also not ensuring that meta characters in the password have been escaped and that the mysql query was successful.

Try this code:

PHP Code:

if(isset($_POST['Submit'])) // test if the variable exists - it won't if the form wasn't submitted
{
    /* check if magic quotes is on and undo its actions if it is, then
       escape meta characters in the password string
     */
    if (get_magic_quotes_gpc()) {
        $password = stripslashes($_POST['password']);
    } else {
        $password = $_POST['password'];
    }

    $password = mysql_escape_string($password);

    $query = "UPDATE admin SET `password`='$password'";
    
    if (mysql_query($query)) {
    $msg= 'Admin Password Changed';
    } else {
        $msg = 'Failed to change admin password: ' . mysql_error();
    }
}