I have a query that changes a users password, and I want to check the users knows their current password before being able to change it. So it is working, I need to enter the current password before changes will be made, but my outputs are still always false, here is the code I have:
$passwordnew=$_POST['passwordnew'];
$password=$_POST['password'];
$password_hash = md5($passwordnew);
$sql = "UPDATE cryptuser SET password='" . $password_hash."' WHERE password = '".md5($password)."' AND userID ='" . $userid ."' ";
//Check SQL Query
$stmt = sqlsrv_query( $conn, $sql,array(), array( "Scrollable" => SQLSRV_CURSOR_KEYSET ));
var_dump(sqlsrv_rows_affected($stmt));
$rows_affected = sqlsrv_rows_affected( $stmt);
if( $rows_affected === false) {
die('password incorrect');
}
else{
echo $rows_affected." the password was updated.<br />";
}
if(!$stmt)
{
die('An error has occured with your registration. If this is an indeliberate occurance,
please report this to us through the contact us page with details of the error.');
}
Can anyone see this won’t output “the password was updated” even when it is? It always returns password incorrect (false)
Advertisement
Answer
Probably not relevant for the author anymore, but for whoever find this question, the answer is:
sqlsrv_errors() returns a message saying “This function only works with statements that are not scrollable”. The code above can be fixed by changing SQLSRV_CURSOR_KEYSET to SQLSRV_CURSOR_FORWARD or removing ‘Scrollable’ parameter at all.