Solved

How do I do MySQLi table maintenance for things like email addresses and passwords?

Posted on 2016-10-23
Last Modified: 2016-11-01
I had this question after viewing CSRF session variables.
Question by:Black Sulfur
LVL 110

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 41856053
Here's the standard SSCCE teaching example for SQL table maintenance.  Please read it over and try some of the examples, then post back if you still have questions!
https://www.experts-exchange.com/articles/12335/PHP-and-MySQLi-Table-Maintenance.html

TL;DR -- preload your form input control values with the existing database values.  When the request comes back, update the database values.  Easy!

Passwords are a bit more involved.  Get the basic table maintenance part started first, then go over to this article about modern ways of handling passwords.
https://www.experts-exchange.com/articles/28768/Password-Hashing-in-PHP.html
0
 
LVL 1

Author Comment

by:Black Sulfur
ID: 41856072
Thanks, Ray.

I know I might be jumping the gun as I haven't read your whole article but it looks like it is just showing how to edit first name and last name? That would be considerably easier than trying to edit the email address and password because obviously you have to check that the email address is not already in use by another user and that the old password you input is in fact correct before you are allowed to enter a new password.
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 41856080
Yeah, go ahead and read the article.  You have a lot of layers in this question, and that's why we have the articles here at E-E, because what seems conceptually simple in a question cannot be adequately answered without understanding the layers.

You can ensure that a column is UNIQUE in MySQL by adding the UNIQUE constraint to the table definition.  Any attempt to insert duplicate values into a UNIQUE column will trigger error #1062.  You can trap this and recognize it, for example, to be an email address that is already in use.

The password requires a multi-step process (but the form processing is still very simple).  First, you must look up the user (perhaps by email address) then you must pull out the current password hash from that row of the database.  Use the "old password" with password_verify() to check the hash.  If these match, hash the new password with password_hash() and store it back into that row of the database.
0
 
LVL 1

Author Comment

by:Black Sulfur
ID: 41856089
Thanks for the tip on marking the column as unique in MySQL itself, I just did that now but I have a check with PHP as well.

I am able to create the code to update the password as you mentioned with the password_verify and password_hash. I can also perform the email update but my problem was trying to have the email and password update in one form because perhaps the person didn't want to update their email address and only their password or vice versa. And like I mentioned, I didn't want them to just be able to change the password, there was a field for the old password to be inputted.

Anyway, let me read the full article and take it from there.

Thanks!
1
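The flow discussed in the two comments above (trap error #1062 for a duplicate email, verify the old password before storing a new hash, and let one form change either field or both), as an added example that is not code from the thread or from the linked articles. Assumptions: a hypothetical `users` table with `id`, `email` (UNIQUE) and `password_hash` columns, a hypothetical function name `update_account`, and the design choice that the old password is required for any change, including an email-only change.

```php
<?php
// Added example. Assumed schema (not from the thread):
//   users(id INT PRIMARY KEY, email VARCHAR(255) UNIQUE, password_hash VARCHAR(255))
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failed queries throw mysqli_sql_exception

// Update email and/or password from a single form. An empty $newEmail or
// $newPassword means "leave unchanged". Returns a list of error messages
// (empty list = success). update_account() is a hypothetical name.
function update_account(mysqli $db, int $userId, string $oldPassword,
                        string $newEmail, string $newPassword): array
{
    // Look up the user and pull out the current password hash.
    $stmt = $db->prepare('SELECT email, password_hash FROM users WHERE id = ?');
    $stmt->bind_param('i', $userId);
    $stmt->execute();
    $stmt->bind_result($email, $hash);
    $found = $stmt->fetch();
    $stmt->close();
    if (!$found) {
        return ['Unknown user.'];
    }

    // Re-authenticate before any change (assumption: email changes need it too).
    if (!password_verify($oldPassword, $hash)) {
        return ['Current password is incorrect.'];
    }

    $errors = [];
    if ($newEmail !== '' && $newEmail !== $email) {
        if (filter_var($newEmail, FILTER_VALIDATE_EMAIL) === false) {
            $errors[] = 'Email address is not valid.';
        } else {
            try {
                $stmt = $db->prepare('UPDATE users SET email = ? WHERE id = ?');
                $stmt->bind_param('si', $newEmail, $userId);
                $stmt->execute();
            } catch (mysqli_sql_exception $e) {
                if ($e->getCode() !== 1062) { throw $e; } // only trap duplicate-key
                $errors[] = 'Email address is already in use.';
            }
        }
    }
    // Skip the password change if the email step failed, so the form is all-or-nothing.
    if ($newPassword !== '' && !$errors) {
        $newHash = password_hash($newPassword, PASSWORD_DEFAULT);
        $stmt = $db->prepare('UPDATE users SET password_hash = ? WHERE id = ?');
        $stmt->bind_param('si', $newHash, $userId);
        $stmt->execute();
    }
    return $errors;
}
```

Relying on the UNIQUE constraint rather than a separate SELECT-then-UPDATE check means two simultaneous requests for the same address cannot both succeed.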
 
LVL 1

Author Comment

by:Black Sulfur
ID: 41868463
Sorry, forgot to close this out!
0
