  • Status: Solved
  • Priority: Medium
  • Security: Public

How do I do MySQLi table maintenance for things like email addresses and passwords?

I had this question after viewing CSRF session variables.
0
Black Sulfur
Asked:
1 Solution
 
Ray Paseur Commented:
Here's the standard SSCCE teaching example for SQL table maintenance.  Please read it over and try some of the examples, then post back if you still have questions!
https://www.experts-exchange.com/articles/12335/PHP-and-MySQLi-Table-Maintenance.html

TL;DR -- preload your form input control values with the existing database values.  When the request comes back, update the database values.  Easy!

Passwords are a bit more involved.  Get the basic table maintenance part started first, then go over to this article about modern ways of handling passwords.
https://www.experts-exchange.com/articles/28768/Password-Hashing-in-PHP.html
0
 
Black Sulfur (Author) Commented:
Thanks, Ray.

I know I might be jumping the gun as I haven't read your whole article, but it looks like it is just showing how to edit first name and last name? That would be considerably easier than trying to edit the email address and password, because obviously you have to check that the email address is not already in use by another user and that the old password you input is in fact correct before you are allowed to enter a new password.
0
 
Ray Paseur Commented:
Yeah, go ahead and read the article.  You have a lot of layers in this question, and that's why we have the articles here at E-E, because what seems conceptually simple in a question cannot be adequately answered without understanding the layers.

You can ensure that a column is UNIQUE in MySQL by adding the UNIQUE constraint to the table definition.  Any attempt to insert duplicate values into a UNIQUE column will trigger error #1062.  You can trap this and recognize it, for example, to be an email address that is already in use.

The password requires a multi-step process (but the form processing is still very simple).  First, you must look up the user (perhaps by email address), then you must pull out the current password hash from that row of the database.  Use the "old password" with password_verify() to check the hash.  If these match, hash the new password with password_hash() and store it back into that row of the database.
0
 
Black Sulfur (Author) Commented:
Thanks for the tip on marking the column as unique in MySQL itself. I just did that now, but I have a check with PHP as well.

I am able to create the code to update the password as you mentioned with the password_verify and password_hash. I can also perform the email update but my problem was trying to have the email and password update in one form because perhaps the person didn't want to update their email address and only their password or vice versa. And like I mentioned, I didn't want them to just be able to change the password, there was a field for the old password to be inputted.

Anyway, let me read the full article and take it from there.

Thanks!
1
 
Black Sulfur (Author) Commented:
Sorry, forgot to close this out!
0
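
The flow discussed in this thread, as an added example that is not part of any post or of the linked articles: a single form handler where a blank email or blank new password means "leave unchanged", the old password is checked with password_verify(), and error 1062 from the UNIQUE column is trapped. The `users` table, its column names and the function `update_account()` are assumptions for illustration, and requiring the old password for an email-only change is a choice made in this example.

```php
<?php
// Added example. Assumed schema (hypothetical names):
//   users(id INT PRIMARY KEY, email VARCHAR(255) NOT NULL UNIQUE,
//         password_hash VARCHAR(255) NOT NULL)
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // mysqli throws mysqli_sql_exception

// Update email and/or password from one form. Blank field = leave unchanged.
// Returns a list of error messages; an empty list means the update was stored.
function update_account(mysqli $db, int $userId, string $oldPw, string $newEmail, string $newPw): array
{
    $newEmail = trim($newEmail);
    if ($newEmail === '' && $newPw === '') {
        return ['Nothing to change.'];
    }
    if ($newEmail !== '' && !filter_var($newEmail, FILTER_VALIDATE_EMAIL)) {
        return ['That is not a valid email address.'];
    }
    // Look up the stored hash and verify the old password before any change.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE id = ?');
    $stmt->bind_param('i', $userId);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();
    $stmt->close();
    if (!$found || !password_verify($oldPw, $hash)) {
        return ['The old password is not correct.'];
    }
    $db->begin_transaction(); // both changes are stored, or neither
    try {
        if ($newEmail !== '') {
            $stmt = $db->prepare('UPDATE users SET email = ? WHERE id = ?');
            $stmt->bind_param('si', $newEmail, $userId);
            $stmt->execute();
        }
        if ($newPw !== '') {
            $newHash = password_hash($newPw, PASSWORD_DEFAULT);
            $stmt = $db->prepare('UPDATE users SET password_hash = ? WHERE id = ?');
            $stmt->bind_param('si', $newHash, $userId);
            $stmt->execute();
        }
        $db->commit();
    } catch (mysqli_sql_exception $e) {
        $db->rollback();
        if ($e->getCode() === 1062) { // duplicate key: the UNIQUE email column
            return ['That email address is already in use.'];
        }
        throw $e; // anything else is a real failure
    }
    return [];
}
```

Relying on the 1062 trap rather than a separate "is this email taken?" SELECT avoids the race where two requests both pass the check and then both try to store the same address.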
