hi guys im making update for registration . i already have make the coding and password must be update same with confirm password . i already try this. it appear "please check password and confirm password " in alert box. but when i check at database wrong confirm password still in database . example password : admin01 but userconfirm : admin02. how do i stop the process if password doesnt equal confirm password. thank you
<?php
session_start();
?>
<?php
include('config1.php');
$username=$_SESSION['username'];
$userid=$_POST['userid'];
$useremail=$_POST['useremail'];
$userdiv=$_POST['userdiv'];
$userdepartment=$_POST['userdepartment'];
$userpass=$_POST['userpass'];
$userconfirm=$_POST['userconfirm'];
// update data in mysql database
$sql="UPDATE login SET userid='$userid', useremail='$useremail', userdiv='$userdiv', userdepartment='$userdepartment', userpass='$userpass',userconfirm='$userconfirm' WHERE username='$username'";
$result=mysql_query($sql);
if($result)
{
if ($_POST['userpass'] == $_POST['userconfirm'])
{
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('UPDATE SUCCESS')
window.location.href='userMain.php';
exit();
</SCRIPT>");
}
else
{
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('PLEASE CHECK YOUR PASSWORD AND CONFIRM PASSWORD')
window.location.href='updateUser.php';
exit();
</SCRIPT>");
}
}
else
{
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('UPDATE ERROR ')
window.location.href='updateUser.php';
exit();
</SCRIPT>");
}
?>
i think it must put something in else right ? i dont know what to put to end the process if password != confirm password
The problem is that you are updating the database in the first place and then you verify if the password doesn't match. You must verify first and if everything is ok update the database.
Another thing you must take care about:
mysql_ functions are deprecated, use PDO or mysqli_ functions instead.Code example:
if ($_POST['userpass'] != $_POST['userconfirm']) {
die("<SCRIPT LANGUAGE='JavaScript'>
window.alert('PLEASE CHECK YOUR PASSWORD AND CONFIRM PASSWORD');
window.location.href='updateUser.php';
</SCRIPT>");
}
$userid = mysql_real_escape_string($_POST['userid']);
// ... put all the variables here
$sql="UPDATE login
SET userid='$userid'
, useremail='$useremail'
, userdiv='$userdiv'
, userdepartment='$userdepartment'
, userpass='$userpass'
, userconfirm='$userconfirm'
WHERE username='$username'";
if(!mysql_query($sql)) {
die("<SCRIPT LANGUAGE='JavaScript'>
window.alert('UPDATE ERROR');
window.location.href='updateUser.php';
</SCRIPT>");
}
echo "<SCRIPT LANGUAGE='JavaScript'>
window.alert('UPDATE SUCCESS');
window.location.href='userMain.php';
</SCRIPT>");