Solved

How do I do MySQLi table maintenance for things like email addresses and passwords?

Posted on 2016-10-23
5
78 Views
Last Modified: 2016-11-01
I had this question after viewing CSRF session variables.
0
Comment
Question by:Black Sulfur
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 110

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 41856053
Here's the standard SSCCE teaching example for SQL table maintenance.  Please read it over and try some of the examples, then post back if you still have questions!
https://www.experts-exchange.com/articles/12335/PHP-and-MySQLi-Table-Maintenance.html

TL;DR -- preload your form input control values with the existing database values.  When the request comes back, update the database values.  Easy!

Passwords are a bit more involved.  Get the basic table maintenance part started first, then go over to this article about modern ways of handling passwords.
https://www.experts-exchange.com/articles/28768/Password-Hashing-in-PHP.html
0
 
LVL 1

Author Comment

by:Black Sulfur
ID: 41856072
Thanks, Ray.

I know I might be jumping the gun as I haven't read your whole article but it looks like it is just showing how to edit first name and last name? That would be considerably easier than trying to edit the email address and password because obviously you have to check that the email address is not already in use by another user and that the old password you input it in fact correct before you are allowed to enter a new password.
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 41856080
Yeah, go ahead and read the article.  You have a lot of layers in this question, and that's why we have the articles here at E-E, because what seems conceptually simple in a question cannot be adequately answered without understanding the layers.

You can ensure that a column is UNIQUE in MySQL by adding the UNIQUE constraint to the table definition.  Any attempt to insert duplicate values into a UNIQUE column will trigger error #1062.  You can trap this and recognize it, for example, to be an email address that is already in use.

The password requires a multi-step process (but the form processing is still very simple).  First, you must look up the user (perhaps by email address) then you must pull out the current password hash from that row of the database.  Use the "old password" with password_verify() to check the hash.  If these match, hash the new password with password_hash() and store it back into that row of the database.
0
 
LVL 1

Author Comment

by:Black Sulfur
ID: 41856089
Thanks for the tip on marking the column as unique in mySql itself, I just did that now but I have  a check with PHP as well.

I am able to create the code to update the password as you mentioned with the password_verify and password_hash. I can also perform the email update but my problem was trying to have the email and password update in one form because perhaps the person didn't want to update their email address and only their password or vice versa. And like I mentioned, I didn't want them to just be able to change the password, there was a field for the old password to be inputted.

Anyway, let me read the full article and take it from there.

Thanks!
1
 
LVL 1

Author Comment

by:Black Sulfur
ID: 41868463
Sorry, forgot to close this out!
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question