2 Replies - 3394 Views - Last Post: 05 July 2012 - 08:35 PM

#1 Galaxy_Stranger  Icon User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 100
  • Joined: 07-February 06

MySQL Routines and success of code.

Posted 03 July 2012 - 07:50 AM

I was working on "change my password" functionality in my web application. Everything's working fine except for a little bug. The way I've written the stored procedure, you pass it the users existing password, the new password and their user id. The update changes the password if the existing password matches with what's already in the table. If they don't match, it doesn't update the password.

My problem is that when you put in an existing password that doesn't match the table value, the stored procedure still WORKS, so there's no error thrown. Basically, "update user_password where user_id = user_id AND existing_password = table_value ;".

As you can see, the update either occurs or it doesn't. There is no error if the update does not happen.

What's the best way to go about handling this?

TIA.

Is This A Good Question/Topic? 0
  • +

Replies To: MySQL Routines and success of code.

#2 Martyr2  Icon User is offline

  • Programming Theoretician
  • member icon

Reputation: 4361
  • View blog
  • Posts: 12,180
  • Joined: 18-April 07

Re: MySQL Routines and success of code.

Posted 03 July 2012 - 11:33 AM

There is ROW_COUNT() which you can use to determine if any rows were updated. Of course if the answer is zero then you know it was unsuccessful.

Hopefully this is what you were looking for.

:)
Was This Post Helpful? 2
  • +
  • -

#3 Galaxy_Stranger  Icon User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 100
  • Joined: 07-February 06

Re: MySQL Routines and success of code.

Posted 05 July 2012 - 08:35 PM

Thanks for the reply, Martyr.

Yeah, ROW_COUNT() looks like the way to go. But I'm having problems grabbing the return string value. Here's my procedure:
CREATE DEFINER=`myUser`@`localhost` PROCEDURE `USER_CHANGE_MY_PASSWORD`(IN currentUserId VARCHAR(45), IN currentPassword VARCHAR(45), IN newPassword VARCHAR(45), OUT outcomeString VARCHAR(45))
BEGIN
    /*  Update the table:   */
    UPDATE USER_AUTH
    SET USER_PASSWORD = newPassword
    WHERE USER_ID = currentUserId
    AND USER_PASSWORD = currentPassword ;

    /* If a row got updated, return true, if not, return false so the code can handle it:   */
    IF(ROW_COUNT() > 0) THEN
        SET outcomeString = "THE RECORD WAS UPDATED!" ;
    ELSE
        SET outcomeString = "THERE WAS NO RECORD THAT MET THE CRITERIA TO BE UPDATED." ;
    END IF ;
END



This compiles and, given good inputs, updates the users password. Here is my procedure call:
$sql = "CALL USER_CHANGE_MY_PASSWORD('$currentUserId',password('$currentPassword'),password('$newPassword'), @outcomeString)" ;

And then I have a try/catch: if(!($result = mysql_query($sql))), etc...

But I'm having problems grabbing the return value. I presume it has something to do with bind_param(). All of the examples I see are using a lot of different techniques that I'm not up to yet. Can you point me in the right direction?

This post has been edited by Galaxy_Stranger: 05 July 2012 - 08:38 PM

Was This Post Helpful? 0
  • +
  • -

Page 1 of 1