1

I'm working on a script to send a forgot password link to a users email address. I created a table called "recoveryemails_enc" that will hold the users email address, Key, and a expdate. The users email address is pulled from my "users" table. When I run the script, it creates the proper link with the key and expiration date but the data is not being inserted into the database. Here is my code below. I'm not sure what I'm doing wrong. 

$result = mysql_query("SELECT email from users WHERE email = '$email' AND active='1'") or die(mysql_error());       
    $expFormat = mktime(date("H"), date("i"), date("s"), date("m")  , date("d")+3, date("Y"));
    $expDate = date("Y-m-d H:i:s",$expFormat);
    $key = md5($email . rand(0,10000) .$expDate);                    
    $no_of_rows = mysql_num_rows($result);                    
    if ($no_of_rows > 0) { 
        $result = mysql_fetch_array($result);      
        $query = mysql_query("INSERT INTO recoveryemails_enc(email, Key, expDate) VALUES('$email', '$key', '$expDate')");
        $passwordLink = "<a href=\"?a=recover&email=" . $key . "&u=" . urlencode(base64_encode($email)) . "\">http://www.mywebsite.com/forgotpw.php?a=recover&email=" . $key . "&u=" . urlencode(base64_encode($email)) . "</a>";

Edit command I used to create my table:

CREATE TABLE IF NOT EXISTS `recoveryemails_enc` (

ID bigint(20) unsigned zerofill NOT NULL auto_increment,
email bigint(20) NOT NULL,
Key varchar(32) NOT NULL,
expDate datetime NOT NULL,
PRIMARY KEY (ID)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

Improve this question
6
  • Why is a PHP script to insert data into a database tagged as android? Commented Oct 14, 2013 at 3:34
  • 3
    Did you try to directly execute your query? Commented Oct 14, 2013 at 3:56
  • 1
    Can you provide your table schema? A mismatch is column names/typos will prevent the insert as well. If error reporting is turned off, you won't see helpful messages. Commented Oct 14, 2013 at 4:19
  • As a sidenote, you will save debugging time and script processing time, by creating your URL first $url = '?blabla='.$key etc, and then passing it to your <a>: $passwordLink = '<a href="'.$url.'">'.$url.'</a>' Commented Oct 14, 2013 at 4:31
  • Learn to use the mysql_error() function to check if your sql statement failed. It might save you lots of debugging time Commented Oct 14, 2013 at 5:25

2 Answers 2

Reset to default
3

Your problem lies within the query itself.

$query = mysql_query("INSERT INTO recoveryemails_enc(email, Key, expDate) VALUES('$email', '$key', '$expDate')");

Key is a protected word

try this query instead

$query = mysql_query("INSERT INTO recoveryemails_enc(`email`, `Key`, `expDate`) VALUES('$email', '$key', '$expDate')");
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Issue is with mysql query, try this:

$query = mysql_query("INSERT INTO recoveryemails_enc(`email`, `Key`, `expDate`) VALUES('".$email."', '".$key."', '".$expDate."')");
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.