Jon W
01-14-2008, 03:02 AM
I've seem to be getting a mysql_error saying: Database error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1.
-------
I'm not to sure what that means, and I was wondering if you guys could help me out. This PHP script is meant for a Password Recovery system, (i.e forgot password). So how it works is that the User is suppose to type in his/hers email address and when the user types his/her Email address, then the script is suppose to check the table users to see if there is a email that matchs the email that was typed inside of the input. If it does, then its suppose to insert the info that was typed in the input, the random_key (That will be used to verify the persons email address) and the IP. And then send a email out with the info that I want to be displayed in the email and then the link of course that will lead to the next page that will check and see if the random key is the same key that is in the database, if so, then bring up a field that the User then an UPDATE his/hers Password to his/hers likings.
<?php
$random_key = md5(uniqid(rand(), true));
if(isset($_POST['submit']))
{
if($_POST['email'] !='')
{
include("db.php");
$query = mysql_query("SELECT email, username, id FROM users WHERE email = '".mysql_real_escape_string($_POST['email'])."')") or die('Database error: ' .mysql_error());
$row = mysql_fetch_assoc($query);
if($row['email'] == $_POST['email'])
{
$sql = mysql_query("INSERT INTO recovery (`id`, `username`, `random_key`, `ip`) VALUES('', '".mysql_real_escape_string($row['username'])."', '".$random_key."', '".$_SERVER['REMOTE_ADDR']."')") or die('Database error: ' .mysql_error());
$subject = 'Password Recovery';
$header = 'TopGameHQ';
$message = 'Dear '.$row['username'].', \r\n\r\n Here is the Password Recovery that you have requested. Please click this link to comfirme your Email Address: http://topgamehq.com/site/change_pass.php?id='.$row['id'].'&key='.$random_key.'';
mail($_POST['email'], $subject, $message, $header);
}
else
{
$error = 'This Email does not exist in our Database.';
}
}
else
{
$error = 'Please fill in your Email Address';
}
}
?>
-------
I'm not to sure what that means, and I was wondering if you guys could help me out. This PHP script is meant for a Password Recovery system, (i.e forgot password). So how it works is that the User is suppose to type in his/hers email address and when the user types his/her Email address, then the script is suppose to check the table users to see if there is a email that matchs the email that was typed inside of the input. If it does, then its suppose to insert the info that was typed in the input, the random_key (That will be used to verify the persons email address) and the IP. And then send a email out with the info that I want to be displayed in the email and then the link of course that will lead to the next page that will check and see if the random key is the same key that is in the database, if so, then bring up a field that the User then an UPDATE his/hers Password to his/hers likings.
<?php
$random_key = md5(uniqid(rand(), true));
if(isset($_POST['submit']))
{
if($_POST['email'] !='')
{
include("db.php");
$query = mysql_query("SELECT email, username, id FROM users WHERE email = '".mysql_real_escape_string($_POST['email'])."')") or die('Database error: ' .mysql_error());
$row = mysql_fetch_assoc($query);
if($row['email'] == $_POST['email'])
{
$sql = mysql_query("INSERT INTO recovery (`id`, `username`, `random_key`, `ip`) VALUES('', '".mysql_real_escape_string($row['username'])."', '".$random_key."', '".$_SERVER['REMOTE_ADDR']."')") or die('Database error: ' .mysql_error());
$subject = 'Password Recovery';
$header = 'TopGameHQ';
$message = 'Dear '.$row['username'].', \r\n\r\n Here is the Password Recovery that you have requested. Please click this link to comfirme your Email Address: http://topgamehq.com/site/change_pass.php?id='.$row['id'].'&key='.$random_key.'';
mail($_POST['email'], $subject, $message, $header);
}
else
{
$error = 'This Email does not exist in our Database.';
}
}
else
{
$error = 'Please fill in your Email Address';
}
}
?>