Solved

How do I do MySQLi table maintenance for things like email addresses and passwords?

Posted on 2016-10-23
5
61 Views
Last Modified: 2016-11-01
I had this question after viewing CSRF session variables.
0
Comment
Question by:Black Sulfur
  • 3
  • 2
5 Comments
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 41856053
Here's the standard SSCCE teaching example for SQL table maintenance.  Please read it over and try some of the examples, then post back if you still have questions!
https://www.experts-exchange.com/articles/12335/PHP-and-MySQLi-Table-Maintenance.html

TL;DR -- preload your form input control values with the existing database values.  When the request comes back, update the database values.  Easy!

Passwords are a bit more involved.  Get the basic table maintenance part started first, then go over to this article about modern ways of handling passwords.
https://www.experts-exchange.com/articles/28768/Password-Hashing-in-PHP.html
0
 

Author Comment

by:Black Sulfur
ID: 41856072
Thanks, Ray.

I know I might be jumping the gun as I haven't read your whole article but it looks like it is just showing how to edit first name and last name? That would be considerably easier than trying to edit the email address and password because obviously you have to check that the email address is not already in use by another user and that the old password you input it in fact correct before you are allowed to enter a new password.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 41856080
Yeah, go ahead and read the article.  You have a lot of layers in this question, and that's why we have the articles here at E-E, because what seems conceptually simple in a question cannot be adequately answered without understanding the layers.

You can ensure that a column is UNIQUE in MySQL by adding the UNIQUE constraint to the table definition.  Any attempt to insert duplicate values into a UNIQUE column will trigger error #1062.  You can trap this and recognize it, for example, to be an email address that is already in use.

The password requires a multi-step process (but the form processing is still very simple).  First, you must look up the user (perhaps by email address) then you must pull out the current password hash from that row of the database.  Use the "old password" with password_verify() to check the hash.  If these match, hash the new password with password_hash() and store it back into that row of the database.
0
 

Author Comment

by:Black Sulfur
ID: 41856089
Thanks for the tip on marking the column as unique in mySql itself, I just did that now but I have  a check with PHP as well.

I am able to create the code to update the password as you mentioned with the password_verify and password_hash. I can also perform the email update but my problem was trying to have the email and password update in one form because perhaps the person didn't want to update their email address and only their password or vice versa. And like I mentioned, I didn't want them to just be able to change the password, there was a field for the old password to be inputted.

Anyway, let me read the full article and take it from there.

Thanks!
1
 

Author Comment

by:Black Sulfur
ID: 41868463
Sorry, forgot to close this out!
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
This article discusses four methods for overlaying images in a container on a web page
The viewer will learn how to count occurrences of each item in an array.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now