
In my login.php file I got a forgot password text field as well so the user can put their email address in and have an email sent containing their password.

 

But I am getting the following error and have no idea why

 

Login Failed. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' WHERE 'username' ='.'' at line 1

 

Any ideas

 

Thank you in advance

 

Ian


Hi white lily you ok

 

Yeah sure it is below

 

<div id="forgotpw">
Forgot Password - use form below to reset the password
<br>
<!-- action and value are HTML-escaped before being echoed into the page -->
<form name="forgot" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>">
<p><label for="email">Email:</label>
<input name="email" type="text" value="<?= htmlspecialchars($email, ENT_QUOTES, 'UTF-8'); ?>" size="25"/>
</p>
<input type="submit" name="submit" value="submit"/>
<input type="reset" name="reset" value="reset"/>
</form>
</div>

 

AND THIS AS WELL I THINK

 

$row=mysql_fetch_array($query); 
$password=$row["password"]; 
$email=$row["email"]; 
$subject="your password"; 
$header="from:noreply@cptevents4.co.uk"; 
$content="your password is $password"; 
// third argument is the message body ($content), not the $row array
mail($email, $subject, $content, $header);
print "An email containing the password has been sent to you"; 
   } 
else  
   { 
   echo("no such login in the system. please try again."); 
   } 

At the end of all your queries within your code, put:

 

or die(mysql_error());

 

Also try this:

 

print_r($queryVariable);

EDIT: make sure the values of this output are what you expect, if not then there is a problem with your query.

 

PS: Something that MIGHT also create this error is "illegal characters" for MySQL, so you could try escaping all inputs with:

 

mysql_real_escape_string();

Edited by White_Lily

I strongly recommend that you read this article about secure login systems. You should never store passwords in clear text in your database.

 

If you want a reason why: Just search the net for "password leak", and then reflect on how many sites you're using the same e-mail/username and password combination on.

This bit of code tells a different story:

$row=mysql_fetch_array($query); 
$password=$row["password"]; 

 

If you properly hashed and salted a password, it would be impossible to get back the original password. Hashing is a one-way operation, after all. Meaning that you'd have to generate a completely new and random password for the users, if they forgot their original password. (Or send them a password reset link, which they could use to set a new password.)

 

Though, if the password appears to be hashed in the DB, it may very well just have been encrypted using MySQL's ENCRYPT() function. Which is pretty much exactly the same as storing it in clear text.
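
The reset-link approach described in the last reply, as an added example that is not part of the original thread or the poster's code. The `users` table, its column names, the in-memory SQLite database and the sample account are assumptions made so the script runs stand-alone; prepared statements replace the string-built query and `mysql_real_escape_string()`.

```php
<?php
// Added example: schema, names and sample data are constructed, not from the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password_hash TEXT,
           reset_hash TEXT, reset_expires INTEGER)');

// Constructed sample account; only the salted hash is stored, never the password.
$db->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)')
   ->execute(['user@example.test', password_hash('old-secret', PASSWORD_DEFAULT)]);

// Step 1: the "forgot password" form is submitted with an email address.
function requestReset(PDO $db, string $email): ?string
{
    $token = bin2hex(random_bytes(32));          // unguessable, single-use
    $stmt = $db->prepare('UPDATE users SET reset_hash = ?, reset_expires = ?
                          WHERE email = ?');     // placeholders, no string building
    // Only a hash of the token is stored, so a database leak does not expose live links.
    $stmt->execute([hash('sha256', $token), time() + 3600, $email]);
    // The caller mails the token as a link and shows the same message either way,
    // so the form does not reveal which addresses are registered.
    return $stmt->rowCount() === 1 ? $token : null;
}

// Step 2: the user follows the link and chooses a new password.
function completeReset(PDO $db, string $email, string $token, string $newPassword): bool
{
    $stmt = $db->prepare('SELECT reset_hash, reset_expires FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['reset_hash'] === null || $row['reset_expires'] < time()
        || !hash_equals($row['reset_hash'], hash('sha256', $token))) {
        return false;                            // unknown, expired or wrong token
    }
    $db->prepare('UPDATE users SET password_hash = ?, reset_hash = NULL,
                  reset_expires = NULL WHERE email = ?')
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $email]);
    return true;
}

$token = requestReset($db, 'user@example.test');
var_dump(completeReset($db, 'user@example.test', 'wrong-token', 'x'));    // rejected
var_dump(completeReset($db, 'user@example.test', $token, 'new-secret'));  // accepted
var_dump(completeReset($db, 'user@example.test', $token, 'again'));       // token already used
```

At login the stored value is checked with `password_verify()`, so the original password is never read back out of the database.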
