Forgot password - script - please help my first month in php

PHP
1

I have recently decided to take the plunge and try my hand at php, Ia m enjoying it and I have so far created a login/logout and register page.

But I am having trouble with the forgot password script. Please can you help and be kind as it is my first time posting.
This is the error that i am getting Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in


<?php

if (isset($_POST['submit']))
{	
	
	mysql_connect("host", username", "password") or die("could not connect to the database");
	mysql_select_db("db_name") or die("could not select database");

	
	$username = $_POST['username'];
	$email = $_POST['email'];

	
	$sql = mysql_query("SELECT * FROM `users` WHERE `username` = '$username' AND `email` = '$email'");
	$result = mysql_num_rows($sql);

	
	if (!$result)
	{
		die (mysql_error());
	}

	
	if ($result == 1)
	{
		$rows = mysql_fetch_array($result);
		$password = $rows['password'];
		$email = $rows['email'];
		$subject ="Password request";
		$header = "from: omarmuzaffar@live.co.uk";
		$body = "Your password is " . $password;

		mail ($email, $subject, $header, $body);
		print("an email containning the password has been sent to you");
	}else
	{
		echo ("No such user exists in the system. Please try again");
	}

}

?>

<html>
<head>
	<title>
		forgot password form
	</title>
</head>
	<body>
		<form action = "<?php $_SERVER['PHP_SELF'];?>" method = "POST">
			<p>
				<label for = "username">Username:</label>
				<input type = "text" name = "username" />
			</p>
			<p>
				<label for = "email">Email:</label>
				<input type = "text" name = "email" />
			</p>
			<p>
				<input type = "submit" name="submit" />
				<input type = "reset" name = "reset" />
			</p>
		</form
	</body>
</html>
2

You have provided inappropriate resources to mysql_fetch_array() , it should be query result you have given the number of mysql query-result.

correction : $rows = mysql_fetch_array($sql);

3 
<?php

// for your development, set to true.
// When in production, set to false
define('DEBUGMODE', 'true');

...
// avoid SQL injection
$username = e($username);
$email = e($email);
$sql = mysql_query("SELECT * FROM `users` WHERE `username` = '$username' AND `email` = '$email'") or die( DEBUGMODE ? mysql_error() : 'Server error' );
...

function e( $s ) {
    $s = stripslashes($s);
    return mysql_real_escape_string($s);
}

?>
4

Thank you so much it works but the only thing is that as i mentioned before the mail does not get sent and the message with print does not get sent

5

are you testing it on local server ?
because as i know it doesn’t work on local server.

6

WHooo hoo!!! Thanks for the help rich. It works now

7

thanks for such a reply.this will encourage me to help others too if i could do so.