Does anyone have a 'safe' "I forgot my password" script?

I utilize vqregister to allow users to sign-up, so I have their original
email address, and I also have a 'secret word' they've provided.

phpMember Just does:
$result=mysql_fetch_array(mysql_db_query($db_name, "SELECT * FROM
$tbl_member WHERE login = '$login'"

But that doesn't seem safe to me.  The input is never sanitized...
especially for vqregister, where a user could potentially pick an
already used user name who's been deleted - then I just want the last
row, but still - isn't it possible to stick a join in there or

Any ideas on this subject?


Reply via email to