PHP- of the error but sends in the same what is requested [closed]

-1

I have the following code, if you do not make a particular request it issues an error, if there is no such error send email to the user. the problem is that in addition to appearing the error and also send the email (see the photo).

<?php
 include("config.php");
if(isset($_POST\['submit_email'\]) && isset($_POST\['email'\])) {
    $email = mysqli_real_escape_string($conn, $_POST\['email'\]);
    $sql = "SELECT * FROM registo WHERE email = '$email'";
    $r = mysqli_query($conn, $sql);
    $count = mysqli_num_rows($r);
    if($count == 1) {
        // Create new hash
        $key = hash('sha256', uniqid("", true));
        // SQL query to update user record with hash value
        $usql = "UPDATE registo set reset_key = '".$key."' where email = '".$email."'";
        if(!mysqli_query($conn, $usql)) {
            echo "Error updating database!";

        }
        // send link to user with generated key
        $link="<a href='http://unn-w17015779.newnumyspace.co.uk/reset.php?key=".$key."'>Click To Reset password</a>";
        $to = $email;
        $subject = 'Reset Password';
        $message = 'Click On This Link to Reset Password '.$link;
        $headers = 'From: Galaxy books shop <**@gmail.com>' . "\r\n" .
                   'Reply-To: **@gmail.com' . "\r\n" .
                   'X-Mailer: PHP/' . phpversion();
        // Send email
        if(mail($to, $subject, $message, $headers)){
            echo "Your reset link has been sent to your email ";
        }else{
            echo "Failed to Recover your password, try again";
        }
    } else {
        echo "User name does not exist";
    }
}
?>

    
asked by anonymous 19.05.2017 / 21:40

3 answers

1

If there is code to run even if there is an error, you can use a condition instead of exit ()

       .............
       .............
       if(!mysqli_query($conn, $usql)) {
           echo "Error updating database!";
       }else{
           // send link to user with generated key
           $link="<a href='http://unn-w17015779.newnumyspace.co.uk/reset.php?key=".$key."'>Click To Reset password</a>";
           $to = $email;
           $subject = 'Reset Password';
           $message = 'Click On This Link to Reset Password '.$link;
           $headers = 'From: Galaxy books shop <**@gmail.com>' . "\r\n" .
               'Reply-To: **@gmail.com' . "\r\n" .
               'X-Mailer: PHP/' . phpversion();
          // Send email
          if(mail($to, $subject, $message, $headers)){
              echo "Your reset link has been sent to your email ";
          }else{
              echo "Failed to Recover your password, try again";
          }
      }

    } else {
       echo "User name does not exist";
   }
}
?>

código ..........
código ..........
    
20.05.2017 / 01:21
1

As a guarantee, I add mysqli_real_escape_string to $key as it did in $email , I believe the hash does not contain ' , but may still be the failure:

$key = hash('sha256', uniqid("", true));

$keyescaped = mysqli_real_escape_string($key);

$usql = "UPDATE registo set reset_key = '".$keyescaped."' where email = '".$email."'";

And if you do not use mysqli_query to stop the code and also use exit; to find out what has failed like this:

if(!mysqli_query($conn, $usql)) {
    echo "Error updating database:", mysqli_error($conn);
    exit;
}

Or use mysqli_error like this:

mysqli_query($conn, $usql) or die("Error updating database:", mysqli_error($conn);

// send link to user with generated key
$link="<a href='http://unn-w17015779.newnumyspace.co.uk/reset.php?key=".$key."'>Click To Reset password</a>";

Another detail with problem in your question (maybe it was the edition that added this), the backslashes are die , this really seems wrong

if(isset($_POST['submit_email']) && isset($_POST['email'])) {
    $email = mysqli_real_escape_string($conn, $_POST['email']);

Or you can simplify it to:

if(isset($_POST['submit_email'], $_POST['email'])) {
    $email = mysqli_real_escape_string($conn, $_POST['email']);

After all \ can check various variables.

    
20.05.2017 / 06:55
0

You should use a exit() :

    if(!mysqli_query($conn, $usql)) {
        echo "Error updating database!";
        exit();
    }

So if you fall into this condition the error will be shown, due to echo , and would quit the code, due to exit() .

    
19.05.2017 / 22:52