Seaholme Posted July 5, 2010 Share Posted July 5, 2010 Hey guys, I'm trying to make a lost password tool for my site which basically works like so: you enter in your username, you get sent an email with a random key in it and at the same time a temporary record is created in the database of your account ID number and the random key. You can then use these bits of information to set a new password. I have a similar system used to validate people's accounts when they join, and so I assumed it'd be a relatively straightforward job of just editing it to work slightly differently. However, for some reason it's not working. Whenever I try to make the following work, I get this error: Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'key) VALUES ('4', '32a63b0d6f450d320821a51965e1b455')' at line 1 Those values are the ID number and random key. When I change it so that the key doesn't get sent, the whole thing works perfectly (apart from the fact that the key is not in the database, of course....) so that's definitely where the problem seems to be! Can anybody help me work out what's wrong? I've been staring at it for ages and failed to spot the error! //Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect to server"); mysql_select_db("$db_name")or die("cannot select DB"); // value for username sent from form $username=$_POST['username']; // create a random key to insert into lostpasswords table $key=md5(uniqid(rand())); // retrieve the information from the players table for that username $sql="SELECT * FROM $tbl_name WHERE username='$username'"; $result=mysql_query($sql); // if the username has been found, the row must be 1 row // keep value in variable name "$count" $count=mysql_num_rows($result); // compare if $count =1 row if($count==1){ $rows=mysql_fetch_array($result); // retrieve the player ID and email address $id=$rows['id']; $email_to=$rows['email']; // Insert data into the lostpasswords table for pickup $sql2 = @mysql_query("INSERT INTO lostpasswords (id, key) VALUES ('$id', '$key')") or die("Error: ".mysql_error()); $result2=mysql_query($sql2); Thanks! Quote Link to comment Share on other sites More sharing options...
trq Posted July 5, 2010 Share Posted July 5, 2010 The word 'KEY' is a reserved word in MySql. Either (and preferred) change you field name to something else or force MySql to see it is an identifier by using `backticks`. Quote Link to comment Share on other sites More sharing options...
Seaholme Posted July 5, 2010 Author Share Posted July 5, 2010 Ah, I had no idea about that! Thanks a bunch... changed the word 'key' as you suggested x) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.