I am using CodeIgniter to build my site and don't see a reason for the WHERE clause in an UPDATE query.
It's successfully updating the record, but is this okay to do? If not, what are the pitfalls associated with it?
    public function reset_password()
    {
        $salt = $this->_salt();
        $this->load->library('encrypt');
        $data = array(
            'password' => $this->encrypt->sha1(
                $salt . $this->encrypt->sha1($this->input->post('password'))
            ),
            'salt' => $salt
        );
        $this->db->update('users', $data);
    }
When executing an update, if you don't include a where clause, it will update all values in the table.
So in this case, everyone's password and salt will be set to this new value.
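
The pitfall described in the answer, as an added example that is not part of the original thread: the same reset run without and with a WHERE clause, with a row-count check on the scoped version. It assumes PDO with an in-memory SQLite database; the table layout (including the id column), the function names and the hash strings are constructed placeholders.

```php
<?php
// Added example. Table, rows and hash strings are constructed placeholders.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT, salt TEXT)');
$db->exec("INSERT INTO users (name, password, salt) VALUES
    ('alice', 'hash-a', 'salt-a'), ('bob', 'hash-b', 'salt-b'), ('carol', 'hash-c', 'salt-c')");

// Same statement shape as $this->db->update('users', $data) with no where() call.
function reset_unscoped(PDO $db, string $hash, string $salt): int
{
    $stmt = $db->prepare('UPDATE users SET password = ?, salt = ?');
    $stmt->execute([$hash, $salt]);
    return $stmt->rowCount();   // number of rows the statement touched
}

// Scoped to one account; rolls back unless exactly one row was touched.
// CodeIgniter form: $this->db->where('id', $userId); $this->db->update('users', $data);
function reset_scoped(PDO $db, int $userId, string $hash, string $salt): void
{
    $db->beginTransaction();
    $stmt = $db->prepare('UPDATE users SET password = ?, salt = ? WHERE id = ?');
    $stmt->execute([$hash, $salt, $userId]);
    $touched = $stmt->rowCount();
    if ($touched !== 1) {
        $db->rollBack();
        throw new RuntimeException("password reset touched $touched rows, expected 1");
    }
    $db->commit();
}

function passwords(PDO $db): string
{
    $rows = $db->query('SELECT name, password FROM users ORDER BY id')->fetchAll(PDO::FETCH_KEY_PAIR);
    return json_encode($rows);
}

// Unscoped reset, run inside a transaction so it can be undone for the demo.
$db->beginTransaction();
echo 'unscoped touched ', reset_unscoped($db, 'hash-new', 'salt-new'), " rows\n";
echo passwords($db), "\n";
$db->rollBack();

reset_scoped($db, 2, 'hash-new', 'salt-new');      // only bob's row changes
echo passwords($db), "\n";

try {
    reset_scoped($db, 99, 'hash-new', 'salt-new'); // no such user: rolled back
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

In CodeIgniter the row count for the same check comes from $this->db->affected_rows() after the update() call.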