Re: Sometime the code works and sometimes doesn't

Hi,

Here is some code for PHP password sending. There is some strange thing
happening. This code DOES WORK but not always. So I might be able to get the
password in my mailbox once but not always. What could be wrong?

<?
// database information
$host = 'xxx';
$user = 'xxx';
$password = 'xxx';
$dbName = 'xxx';

// connect and select the database
$conn = mysql_connect($host, $user, $password) or die(mysql_error());
$db = mysql_select_db($dbName, $conn) or die(mysql_error());

// value sent from form
$emailAddress=$_POST['emailAddress'];

$sql="SELECT password FROM mytable WHERE emailAddress='$emailAddress'";
$result=mysql_query($sql);

BTW I think that this is vulnerable to SQL injection.

So don't put this piece of code in a real as is. Instead escape before making the query with mysql_escape_string:

http://www.php.net/manual/en/function.mysql-escape-string.php

// keep value in variable name "$count"
$count=mysql_num_rows($result);

// compare if $count =1 row
if($count==1){

$rows=mysql_fetch_array($result);

// keep password in $your_password
$your_password=$rows['password'];

$subject="Your password is retrieved";

$header="from: Great Site<no-reply@xxxxxxxxxxxx>";

$messages= "Hi \n\n Your password for login to our website is
retrieved.\n\n";
$messages.="Your password is '$your_password' \n\n";
$messages.="You can use this password";

// send email
$sentmail = mail($emailAddress, $subject, $messages, $header);
}
// else if $count not equal 1
else {
echo "Not found your email in our database";
}

// if your email successfully sent
if($sentmail){
echo "Your Password Has Been Sent To Your Email Address.";
}
else {
echo "Cannot send password to your e-mail address";
}
 ?>

There must be something that I am doing wrong. Otherwise I could have always
gotten the password in my mailbox. Please help.

Thanks in advance,

Chris

--
Thodoris
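
An added example, not part of the thread or either poster's code: the lookup from the post built by string interpolation, beside the same lookup with a bound parameter, which is another way to keep the form value out of the SQL text. It uses PDO with an in-memory SQLite database instead of the post's mysql_* calls so that it runs offline (this assumes the pdo_sqlite extension is available); the table and column names follow the post, while the rows, inputs and function names are constructed for illustration.

```php
<?php
// Added example, not code from the thread. PDO + in-memory SQLite are
// assumptions made so the comparison runs offline; rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE mytable (emailAddress TEXT, password TEXT)");
$pdo->exec("INSERT INTO mytable VALUES ('alice@example.com', 'pw-a'),
                                       ('bob@example.com',   'pw-b')");

// Query built by string interpolation, as in the posted code.
function lookupConcatenated(PDO $pdo, string $emailAddress): array
{
    $sql = "SELECT password FROM mytable WHERE emailAddress='$emailAddress'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Same query with a bound parameter: the value never becomes SQL text.
function lookupPrepared(PDO $pdo, string $emailAddress): array
{
    $stmt = $pdo->prepare(
        "SELECT password FROM mytable WHERE emailAddress = :email"
    );
    $stmt->execute([':email' => $emailAddress]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed form values.
$inputs = [
    'alice@example.com',   // ordinary address
    "x' OR '1'='1",        // quotes that change the WHERE clause
    "o'brien@example.com", // legitimate address containing an apostrophe
];

foreach ($inputs as $input) {
    try {
        $concat = count(lookupConcatenated($pdo, $input));
    } catch (PDOException $e) {
        $concat = 'SQL error'; // the apostrophe broke the statement
    }
    $bound = count(lookupPrepared($pdo, $input));
    printf("%-22s concatenated rows: %-9s prepared rows: %d\n",
        $input, $concat, $bound);
}
```

The row counts show the difference: the interpolated query's result depends on the quotes in the input, while the prepared query only ever matches a row whose emailAddress equals the whole submitted string.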

