d10u4v
asked on
PHP if not quite working
Hi i have the following PHP script which , after a bit a tweeking isn't working anymore:
//Connect to database
mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());
// QUERY
$query = 'SELECT password FROM users1 WHERE email = \''.$_POST['email'].'\' LIMIT 1';
$result = mysql_query($query) or die ('Query failed: ' . mysql_error());
$line = mysql_fetch_array($result, MYSQL_ASSOC);
if (!$line) {
$error = "Email Not Found in Database";
require_once("forgetpass.p hp");
}else{
After an email address has been found the script moves on to Mail the user the password.
What i get is the error "Not Found in Database", even when i know there is an email address.
Where have i gone wrong?
Hope someone can advise...
Anthony
//Connect to database
mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());
// QUERY
$query = 'SELECT password FROM users1 WHERE email = \''.$_POST['email'].'\' LIMIT 1';
$result = mysql_query($query) or die ('Query failed: ' . mysql_error());
$line = mysql_fetch_array($result,
if (!$line) {
$error = "Email Not Found in Database";
require_once("forgetpass.p
}else{
After an email address has been found the script moves on to Mail the user the password.
What i get is the error "Not Found in Database", even when i know there is an email address.
Where have i gone wrong?
Hope someone can advise...
Anthony
You should also use mysql_real_escape_string in any form values
$query = 'SELECT password FROM users1 WHERE email = \''.mysql_real_escape_stri ng($_POST[ 'email']). '\' LIMIT 1';
and you can use mysql_fetch_assoc instead of mysql_fetch_array($result, MYSQL_ASSOC);
$line = mysql_fetch_assoc($result) ;
$query = 'SELECT password FROM users1 WHERE email = \''.mysql_real_escape_stri
and you can use mysql_fetch_assoc instead of mysql_fetch_array($result,
$line = mysql_fetch_assoc($result)
ASKER
the email bit works fine - the only section i altered is the code i included above. To me it looks as though it should work, but i'm no expert.... ;)
Anthony
Anthony
Change password to `password` as it is a reserved word in MySql. It's a good idea to use backticks on all of your table and field names. It's even better to avoid using reserved words as field/table names.
$query = 'SELECT `password` FROM `users1` WHERE `email` = \''.$_POST['email'].'\' LIMIT 1';
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I'M SO STUPID!
As soon as you pointed out the $_post and $_get, i look at my form and readlised that i had not renamed my textfield. As soon as i saw 'email' in you post i realised what i had done, or not done.
Sorry to waste time.
Thank you anyway.
Anthony
As soon as you pointed out the $_post and $_get, i look at my form and readlised that i had not renamed my textfield. As soon as i saw 'email' in you post i realised what i had done, or not done.
Sorry to waste time.
Thank you anyway.
Anthony
ASKER
It's not the answer beu i got me looking inthe right place, and made me realise my error.
print $_POST['email'];