I am having a problem with my update query when users request a password reset.
It simply does nothing, It does show that the password has been reset according to the alert command, but the database does not reflect the update...
Any assistance would be great as I cannot see where I am going wrong...
if(isset($_GET["acc"]) && isset($_GET["np"])){
$acc=decrypt(htmlspecialchars($_GET["acc"]));
$np=decrypt(htmlspecialchars($_GET["np"]));
//var_dump($acc);
//var_dump($np);
$query="UPDATE `master_profile` SET `password`=? where `email_address`=?";
if ($stmt = $connection_link->prepare($query)){
// Bind the variables to the parameter as strings.
$stmt->bind_param("ss",$np,$acc);
// Execute the statement.
if($stmt->execute()){
?>
<script>
alert('Your password has been reset. Please login with your new password.');
</script>
<?
//echo "Updated {$stmt->affected_rows} rows";
}else{
echo '<h1>An Error Has Occoured. Please try again later.</h1>';
}
if ($stmt->errno) {
echo "FAILURE!!! " . $stmt->error;
}
// Close the prepared statement.
$stmt->close();
}
}
Update
Changed if($stmt->execute(array($np,$acc))){} as suggested below but it simply gives me an error An Error Has Occoured. Please try again later., How can i catch this error and report the proper error?
I have tried $stmt->error; and $connection_link->error; but both just give an empty value.
Because you are using anonymous placeholders I think you need to omit your bind statement. Instead you would place the parameters in the execute as an array and in order of appearance in the statement
if($stmt->execute(array($acc, $np)){}
You would omit this line
$stmt->bind_param("ss",$np,$acc);