coop Posted September 5, 2007 Share Posted September 5, 2007 Hi all, I'm having real problems with this code that creates a new password for a customers account and then emails it to them (if they have forotten there password when loggin in 0). The code tests if the email is in the database which seem to work fine, then generates a random 7 character password which works, and then emails this to the email which also works. The problem is it's not being updated in the database. This has been driving me med all day so any help would be much appreicated. The code uses a database class that acts the same as the mysqli class. [pre] <?php require_once('database.php'); require('phpmailer/class.phpmailer.php'); if (!get_magic_quotes_gpc()) { foreach($_POST as $key=>$value) { $temp = addslashes($value); $_POST[$key] = $temp; } } $db = new Database('localhost','root','root','Test'); $sql = 'SELECT * FROM Customers WHERE userMail = "'.$_POST['user_Mail'].'"'; $result = $db->query($sql); $numRows = $result->num_rows; if($numRows < 1){ $noEmail = 'That email is not in the database.'; echo 'notHere=y&message='.urlencode($noEmail); }else{ $row = $result->fetch_assoc(); $username = $row["userName"]; //echo $username; $rand_string = ''; for($a=0;$a<7;$a++){ do{ $newrand = chr(rand(0,256)); } while(!eregi("^[a-z0-9]$",$newrand)); $rand_string .= $newrand; } $pwd_to_insert = md5($rand_string); $sqlUpdate = 'UPDATE Customers SET userPassword = "$pwd_to_insert" WHERE userName = "$username" AND userMail = "'.$_POST['user_Mail'].'"'; $mail = new PHPMailer(); $mail->IsSMTP(); $mail->Host = "smtp.mysite.com"; $mail->Mailer = "smtp"; $mail->From = "sales@mysite.co.uk"; $mail->AddAddress("me@mysite.com"); $mail->Subject = "Login password"; $mail->Body = "\n\n\n\nYou requeted that a new password be sent to ".$_POST['user_Mail']."\n\n"."User Name : ".$username."\n\nYour new password is : ".$rand_string."\n\n\n\nIf you have further problems please contact the mysite support staff."; $mail->WordWrap = 50; if(!$mail->Send()){ $noEmail = 'Email not sent'; echo 'Mailer Error: ' . $mail->ErrorInfo; }else{ $emailSent = 'Email sent'; echo 'email=y&message'.urlencode($emailSent); } } ?> [/pre] Quote Link to comment Share on other sites More sharing options...
recklessgeneral Posted September 5, 2007 Share Posted September 5, 2007 Hi coop, You'll have to break out of the quotes in your sqlUpdate string to substitute the values for username and password, like so: $sqlUpdate = 'UPDATE Customers SET userPassword = "' . $pwd_to_insert . '" WHERE userName = "' . $username . '" AND userMail = "'.$_POST['user_Mail'].'"'; By using single quotes for your literal string, the variables are not expanded unlike double-quoted strings. Cheers, Darren. Quote Link to comment Share on other sites More sharing options...
coop Posted September 5, 2007 Author Share Posted September 5, 2007 Thanks Darren, Could you explain why this works - I'm newish to php and some things aren't making sense. I know the difference with single and double quotes - if it's double quotes the value of the variable is parsed, but here you have " ' ' " - single quotes within double quotes. Thanks for you time. c. Quote Link to comment Share on other sites More sharing options...
Jessica Posted September 5, 2007 Share Posted September 5, 2007 Not really. He has double quotes inside the string. It's how to make a string inside a string basically, for SQL. I would do it this way: $sqlUpdate = "UPDATE Customers SET userPassword = '$pwd_to_insert' WHERE userName = '$username' AND userMail = '".$_POST['user_Mail']."'"; It's the same thing. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.