Does anyone have a 'safe' I forgot my password script?
I utilize vqregister to allow users to sign-up, so I have their original
email address, and I also have a 'secret word' they've provided.
phpMember Just does:
$result=mysql_fetch_array(mysql_db_query($db_name, SELECT * FROM
$tbl_member
On Jul 22, 2004, at 10:54 AM, Rick Romero wrote:
phpMember Just does:
$result=mysql_fetch_array(mysql_db_query($db_name, SELECT * FROM
$tbl_member WHERE login = '$login'
));
But that doesn't seem safe to me.
What if I enter this for login:
fred'; DELETE * FROM vpopmail WHERE username != 'fred