Hi,
Here is a code for PHP password sending. There is some strange thing
happening. This code DOES WORK but not always. So I might be able to get the
password in my mailbox once but not always. What could be wrong.
<?
// database information
$host = 'xxx';
$user = 'xxx';
$password = 'xxx';
$dbName = 'xxx';
// connect and select the database
$conn = mysql_connect($host, $user, $password) or die(mysql_error());
$db = mysql_select_db($dbName, $conn) or die(mysql_error());
// value sent from form
$emailAddress=$_POST['emailAddress'];
$sql="SELECT password FROM mytable WHERE emailAddress='$emailAddress'";
$result=mysql_query($sql);
BTW I think that this vulnerable to SQL injection.
So don't put this piece of code in a real as is. Instead escape before
making the query with mysql_escape_string:
http://www.php.net/manual/en/function.mysql-escape-string.php
// keep value in variable name "$count"
$count=mysql_num_rows($result);
// compare if $count =1 row
if($count==1){
$rows=mysql_fetch_array($result);
// keep password in $your_password
$your_password=$rows['password'];
$subject="Your password is retrieved";
$header="from: Great Site<no-reply@xxxxxxxxxxxx>";
$messages= "Hi \n\n Your password for login to our website is
retrieved.\n\n";
$messages.="Your password is '$your_password' \n\n";
$messages.="You can use this password";
// send email
$sentmail = mail($emailAddress, $subject, $messages, $header);
}
// else if $count not equal 1
else {
echo "Not found your email in our database";
}
// if your email succesfully sent
if($sentmail){
echo "Your Password Has Been Sent To Your Email Address.";
}
else {
echo "Cannot send password to your e-mail address";
}
?>
There must be something that I am doing wrong. Otherwise I could have always
gotten the password in my mailbox. Please help.
Thanks in advance,
Chris
--
Thodoris
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
