MYSQL/PHP selecting

Question

I have 2 tables :

• newpw_ask

  email
  code
  

• users

  id
  username
  password
  email
  sid
  newpw_code
  

I have this PHP code:

$code = $_POST['code2'];
$email = mysql_query("SELECT email FROM pw_ask WHERE code='$code'");

if ($pass == $pass2) {
    if ($email) {
        $pass3 = md5($pass);

        mysql_query("UPDATE users SET password='$pass3' WHERE email='$email'");
        mysql_query("UPDATE users SET newpw_code='' WHERE email='$email'");
        mysql_query("DELETE FROM pw_ask WHERE code='$code'");

        header("Location: index.php?ret=pw");
    } else {
        echo 'Wrong code';
    }
}

Only this query got executed:

mysql_query("DELETE FROM pw_ask WHERE code='$code'");

Also when I enter the right code, it says “Wrong code”.

Answer 1

You need to select the email correctly :

$sql    = mysql_query("SELECT email FROM pw_ask WHERE code='$code'");
$row    = mysql_fetch_array($sql);
$email  = $row['email'];

btw you can also update multiple fields in 1 query :

mysql_query("UPDATE users SET password='$pass3' , newpw_code='' where email='$email'");