Updating SQL database using PHP

Question

I am trying to make a password retrieval system on my site, and I am having problems updating the password reset field in my database. I have tried everything, but nothing seems to work.

This is my code so far:

$passwordreset = md5(mt_rand()) . md5(mt_rand()) . md5(mt_rand());

$con = mysql_connect("localhost","XXX","XXX");
if (!$con) {
  die('Could not connect: ' . mysql_error());
}

mysql_select_db("database", $con);

mysql_query("UPDATE members SET passwordreset = $passwordreset WHERE id = $id");

When I try to insert the data I get the error:

Error: Query was empty

Any help would be appreciated, Thanks.

Answer 1

Not sure it's the only problem, but I'm guessing your passwordreset field is a string, in the database -- to store a concatenation of several md5, which are strings, it has to.

So, there should be quotes arround the value you put in this field, in the SQL query :

mysql_query("UPDATE members SET passwordreset = '$passwordreset' WHERE id = $id");

And, in a general case, you should escape your string values with mysql_real_escape_string :

mysql_query("UPDATE members SET passwordreset = '" 
    . mysql_real_escape_string($passwordreset) 
    . "' WHERE id = $id");

It won't change anything here, as there is no quote in a md5... But it's a good practice to always do it, to never find yourself in a situation where it was necessary and you didn't do it.

Answer 2

Are the two line breaks after $passwordreset intentional? Can you try removing them?

Answer 3

我不确定，如果为此收到空查询错误，但是需要在值周围打勾：

mysql_query("UPDATE members SET passwordreset = '$passwordreset' WHERE id = '$id'");

Answer 4

我猜想缺少列名周围的反引号，请尝试：

mysql_query("UPDATE members SET `passwordreset` = '$passwordreset' WHERE `id` = '$id'");