0

I have some php code where I want a user to enter their email address, check it against the database then send the username associated with that email address to the user. Basically a 'forgot username' feature.

I have the following code so far, which will send en email but inside the email it reads Your username is: And that's it. The $username variable isn't being passed to the email for some reason. I am new enough to PHP so any help would be greatly appreciated.

<?php

if(isset($_POST['submit'])){

    $email = $_POST['email'];

    if($email==''){
    echo "<script>alert('Please enter email address!')</script>";
    exit();
    }

    $sql=mysql_query("select user_name from users where user_email='$email'");
     if(mysql_num_rows($sql)>=1)
       {
        //echo "<script>alert('Username $user_name already exist in our database, please try another one!')</script>";
        $username = $row[0];


        $subject = 'Forgotten Username';
        $message = 'Your username is: '.$username.'';
        $header = 'Header';

        if($_POST){    
        mail($email, $subject, $message, $header);
        $feedback = 'Thanks for contacting us! We will be in contact soon!';
            }
       }
     else {
     echo "<script>alert('Email doesn't exist')</script>";
     }
}
?>

HTML

<form method='post' action='forgotusername.php'>
        <table width='400' border='5' align='center'> 

        <tr>    
            <td align='center'>Enter your email address</td>
            <td><input type="text" name="email" style="width: 200px;" /></td>
        </tr>

        </table>
        <input type='submit' name='submit' value='Post' />
    </form>
user3225430
  • 1
  • 1
  • 1
    [**Please, don't use `mysql_*` functions in new code**](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](http://j.mp/XqV7Lp). See the [**red box**](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). – Charles Jan 22 '14 at 22:02
  • 1
    @Charles More important: it’s vulnerable to SQL injections. Learn [how to prevent them](http://stackoverflow.com/q/60174/53114), user3225430. – Gumbo Jan 22 '14 at 22:03

2 Answers2

1

To answer your question you need to grab the row before you can access it using mysql_fetch_row():

<?php
$row = mysql_fetch_row($sql);
$username = $row[0];

But it's more important to note that this is a very old method of accessing a mysql database.

See http://www.php.net/manual/en/function.mysql-fetch-array.php for the missing function, it'll also advice you about newer and safer methods of db access.

There is also a method mysql_real_escape_string() that you would've used to escape the email variable, but there are improved methods available.

garoevans
  • 155
  • 4
0

You need to execute mysql_fetch_row 

if(isset($_POST['submit'])){

    $email = $_POST['email'];

    if($email==''){
    echo "<script>alert('Please enter email address!')</script>";
    exit();
    }

    $sql=mysql_query("select user_name from users where user_email='$email'");
     if(mysql_num_rows($sql)>=1)
       {
        $row = mysql_fetch_row($sql);
        //echo "<script>alert('Username $user_name already exist in our database, please try another one!')</script>";
        $username = $row[0];


        $subject = 'Forgotten Username';
        $message = 'Your username is: '.$username.'';
        $header = 'Header';

        if($_POST){    
        mail($email, $subject, $message, $header);
        $feedback = 'Thanks for contacting us! We will be in contact soon!';
            }
       }
     else {
     echo "<script>alert('Email doesn't exist')</script>";
     }
}
?>
Hüseyin BABAL
  • 15,400
  • 4
  • 51
  • 73