[vchkpw] vqregister / send password

Does anyone have a 'safe' I forgot my password script? I utilize vqregister to allow users to sign-up, so I have their original email address, and I also have a 'secret word' they've provided. phpMember Just does: $result=mysql_fetch_array(mysql_db_query($db_name, SELECT * FROM $tbl_member

Re: [vchkpw] vqregister / send password

On Jul 22, 2004, at 10:54 AM, Rick Romero wrote: phpMember Just does: $result=mysql_fetch_array(mysql_db_query($db_name, SELECT * FROM $tbl_member WHERE login = '$login' )); But that doesn't seem safe to me. What if I enter this for login: fred'; DELETE * FROM vpopmail WHERE username != 'fred