Php mysql update user table

Hi,

I have this user profile page where users can change their information such as username, password etc.

And the problem that I'm having is that I have this for checking if password field was filled in in the form:
if($pwd_ != "" || $pwd_ != null)

If there was a password written in the form the update performs all update including the password update and if the password field was empty it updates everything else except for the password.

But it now always update the password.. if it was left empty it sends an empty password to the database.

Any ideas?

-T
<?php
 
include_once("/home/tobias/domains/tobias.huone.net/include/db_connect_profile.php");
 
 
if(isset($_POST['Submit']))
{ // If receive Submit button variable.
// Select all data records in table "name_list" and put them into $result.
$result=mysql_query("select * from users order by users_id asc");
 
// Fetch record rows in $result by while loop and put them into $row.
 
while($row=mysql_fetch_assoc($result))
{
 
// Get the posted value "users_id" from form.php. This variable change its value by while loop.
 
if (isset($_POST["chk_".$row['users_id']]))
{
$username_= $_POST["username_".$row['users_id']];
$pwd_= $_POST['password_'.$row['users_id']];
$password_again= $_POST['password_again_'];
$email_= $_POST["email_".$row['users_id']];
$puhelin_= $_POST["puh_".$row['users_id']];
$homepage_= $_POST["homepage_".$row['users_id']];
$address_= $_POST["address_".$row['users_id']];
$rows_= $_POST["rowspage_".$row['users_id']];
$refresh_= $_POST["rfresh_".$row['users_id']];
$bg_= $_POST["bg_".$row['users_id']];
$skype= $_POST["skype_".$row['users_id']];
$msn= $_POST["msn_".$row['users_id']];
$userid_ = $_SESSION['users_id'];
 
//include("/home/pt4517/include/db_connect.php");
 
$name_check = $db_object1->query("SELECT username FROM users WHERE username = '$username_'");
 
if (MDB2::isError($name_check))
{
	die($name_check->getMessage());
}
 
$name_check_number = $name_check->numRows();
//echo('check ='.$name_check_number);
 
$sqlquery = "select * FROM users WHERE users_id= '$userid_' AND deluser_ = '0'";
$result = mysql_query($sqlquery);
while ($row = mysql_fetch_array($result))
{
 
	$tunnus = $row['username'];
}
 
 $aErrors = array();
 
// Update field "username", matching with "users_id" value by while loop.
 
if ($username_ == "" || $email_ == "" || !validateemail($email_))
{
  $aErrors[] = "EMPTY_FIELDS";
}
 
if(strlen(preg_replace('/\W/', '', $username_)) > 13)
{
	$aErrors[] = "LIIAN_PITKA";
}
 
if ($pwd_ != $password_again) {
        $aErrors[] = "PASSWORD_MISMATCH";
 
}
 
 
if ($name_check_number != 0 && $tunnus != $username_)
{
    $aErrors[] = "USER_EXISTS";
}
 
 
if (count($aErrors) == 0)
{
	$pwd_ = md5($pwd_);
	$password_again = md5($password_again);
 
echo $pwd_;
 
if($pwd_ != "" || $pwd_ != null)
{
mysql_query("UPDATE users SET username='$username_', password='$pwd_', email='$email_', puhelinnumero='$puhelin_', homepage='$homepage_', address='$address_', amount='$rows_', bg='$bg_', regdate=regdate, show_email=show_email, last_login=last_login, userlevel=userlevel, autorefresh='$refresh_', skype='$skype', msn='$msn' WHERE users_id='$userid_'");
}
else
{
mysql_query("UPDATE users SET username='$username_', email='$email_', puhelinnumero='$puhelin_', homepage='$homepage_', address='$address_', amount='$rows_', bg='$bg_', regdate=regdate, show_email=show_email, last_login=last_login, userlevel=userlevel, autorefresh='$refresh_', skype='$skype', msn='$msn' WHERE users_id='$userid_'");
}
$goback = "index.php?id=1&success=1";
echo ('<meta http-equiv="refresh" content="0.1;url= '.$goback.' ">');
}
else
     {
 
              $aErrorMessages = getErrorMessages($aErrors);
              echo ('<div style="font-weight: bold; color: #e80404; display: block; background-color: #ffffff; padding: 3px 3px 3px 3px; width: 295px;">');
              echo ('Virhe:');
              echo ('<br/>');
              foreach($aErrorMessages as $sError) {
                   echo ('<li style="margin-left: 13px;">' . $sError);
              }
              echo ('</div>');
              echo ('<br/>');
 
     }
 
 
} // if (isset($_POST["chk_".$row[users_id]]))
} // while($row=mysql_fetch_assoc($result))
 
 
 
} // if($_POST['Submit'])
 
 
?>

Open in new window

ToubeAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ryan_KemptCommented:
In your code example I believe you're determining the md5 hash of an empty value (which returns d41d8cd98f00b204e9800998ecf8427e) and then seeing if it's empty or not, and, the md5 hash is not empty, so therefor it's saying it's not empty. Compare the password value before md5'ing it to determine if it's empty or not, then hash it if it's not empty and update the field.

On a side note; I have always checked the length of the string (strlen) to determine whether or not it's empty as opposed to comparing it to null values. You can also easily change this to disallow passwords that are less than 4 characters long, etc..
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ToubeAuthor Commented:
Nice one Ryan, that worked good job thanks.

-T

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.