I’ve encountered this and similar situations
where mysql_query returns a positive response,
even when the query was not actually executed ;
$upd=mysql_query("UPDATE members set thepassword='$newpass' where actkey='$some_key'");
if($upd)
echo "Your password has been reset.";
else
echo "There is a problem reseting your password:".mysql_error();
Even when the value of actkey($some_key) does not exist in the
table, i still get “Your password has been reset.”
Can you post the code that surrounds the snippet above? You may want to look at [fphp]mysql_affected_rows[/fphp] too, it returns the number of affected rows by the last INSERT, UPDATE, REPLACE or DELETE query.
In this case mysql_query simply return a TRUE to say “yeah, alright, I’ve gone and updated any matching records”.
You want to check the number of rows that have been affected using [fphp]mysql_affected_rows/fphp.
$upd=mysql_query("UPDATE members set thepassword='$newpass' where actkey='$some_key'", $link);
$updated = mysql_affected_rows($link);
if($updated>0) {
echo "Your password has been reset.";
} else {
echo "Your password hasn't been reset because you don't exist.";
}
If the update query runs and no rows were updated it will still return true.
<?php
$upd=mysql_query("UPDATE members set thepassword='$newpass' where actkey='$some_key'");
$rows_affected=mysql_affected_rows();
if (!upd) {
echo "There is a problem reseting your password:".mysql_error();
// For a live site you would want to log the mysql error rather then display it on screen
} elseif ( $rows_affected <> 1 ) {
echo 'Error: Account not found or recognised, please contact the Adminiatrators';
// make suitable log entry
} else {
echo "Your password has been reset.";
}
?>
