• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 238
  • Last Modified:

PHP if not quite working

Hi i have the following PHP script which , after a bit a tweeking isn't working anymore:

//Connect to database

mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());

   
// QUERY
$query = 'SELECT password FROM users1 WHERE email = \''.$_POST['email'].'\' LIMIT 1';
$result = mysql_query($query) or die ('Query failed: ' . mysql_error());
 

$line = mysql_fetch_array($result, MYSQL_ASSOC);
if (!$line) {
    $error = "Email Not Found in Database";
    require_once("forgetpass.php");
}else{  

After an email address has been found the script moves on to Mail the user the password.

What i get is the error "Not Found in Database", even when i know there is an email address.

Where have i gone wrong?

Hope someone can advise...

Anthony
0
d10u4v
Asked:
d10u4v
  • 3
  • 3
1 Solution
 
steelseth12Commented:
try print the email before the query to see it is send.

print $_POST['email'];
0
 
steelseth12Commented:
You should also use mysql_real_escape_string in any form values

$query = 'SELECT password FROM users1 WHERE email = \''.mysql_real_escape_string($_POST['email']).'\' LIMIT 1';

and you can use mysql_fetch_assoc instead of mysql_fetch_array($result, MYSQL_ASSOC);

$line = mysql_fetch_assoc($result);
0
 
d10u4vAuthor Commented:
the email bit works fine - the only section i altered is the code i included above.  To me it looks as though it should work, but i'm no expert.... ;)

Anthony
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
DrNikon224Commented:
Change password to `password` as it is a reserved word in MySql. It's a good idea to use backticks on all of your table and field names. It's even better to avoid using reserved words as field/table names.
$query = 'SELECT `password` FROM `users1` WHERE `email` = \''.$_POST['email'].'\' LIMIT 1';

Open in new window

0
 
steelseth12Commented:
we know that there are no sql error because

$result = mysql_query($query) or die ('Query failed: ' . mysql_error());

would end the script.

Also there are no php errors or you would get a warning.

So the only options left are ...

either $_POST["email"] is not set ... i.e you could be sending the form via get ... in which case you would use $_GET["email"]

or your table is incorrect ...

i noticed that you are selecting from table users1 perhaps the table with the records is table users ??

0
 
d10u4vAuthor Commented:
I'M SO STUPID!

As soon as you pointed out the $_post and $_get, i look at my form and readlised that i had not renamed my textfield.  As soon as i saw 'email' in you post i realised what i had done, or not done.

Sorry to waste time.

Thank you anyway.

Anthony
0
 
d10u4vAuthor Commented:
It's not the answer beu i got me looking inthe right place, and made me realise my error.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now