0

I am creating a forget password system, which requires the user to input their email, and the database then receive that email. However, I keep on getting the same error even when I try multiple ways to fix it. I understand that there is an abundance of questions like this, but none of them seem to help me.

                $emailTo = $_POST["email"];

                $code = uniqid(true);
                $query = mysqli_query($conn, "INSERT INTO reset-password (code, email) VALUES (?, ?)");
                mysqli_stmt_bind_param($query, 'ss', $code, $emailTo);
                mysqli_stmt_execute($query);
                if(false === $query){
                    printf("<p> error: %s\n </p>", mysqli_error($conn));
                }
                else{
                    echo 'done';
                }

And this is the error I get: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '-password (code, email) VALUES (?, ?)' at line 1

Dharman
  • 30,962
  • 25
  • 85
  • 135
Sachi goel
  • 1
  • 2
  • 1
    since your table name has hyphen (i don't know why chose it instead of an underscore), it should contain identifier quotes the backtick `\`my-table-name\`` to have a correct syntax – Kevin Nov 19 '20 at 03:59
  • You need to stop manually checking for errors. Please read: [Should we ever check for mysqli_connect() errors manually?](https://stackoverflow.com/q/58808332/1839439) and [Should I manually check for errors when calling “mysqli_stmt_prepare”?](https://stackoverflow.com/q/62216426/1839439) – Dharman Nov 19 '20 at 15:25

0 Answers0