Updating SQL database using PHP

I am trying to make a password retrieval system on my site, and I am having problems updating the password reset field in my database. I have tried everything, but nothing seems to work.

This is my code so far:

$passwordreset = md5(mt_rand()) . md5(mt_rand()) . md5(mt_ran开发者_Go百科d());

$con = mysql_connect("localhost","XXX","XXX");
if (!$con) {
  die('Could not connect: ' . mysql_error());
}

mysql_select_db("database", $con);

mysql_query("UPDATE members SET passwordreset = $passwordreset WHERE id = $id");

When I try to insert the data I get the error:

Error: Query was empty

Any help would be appreciated, Thanks.

Not sure it's the only problem, but I'm guessing your passwordreset field is a string, in the database -- to store a concatenation of several md5, which are strings, it has to.

So, there should be quotes arround the value you put in this field, in the SQL query :

mysql_query("UPDATE members SET passwordreset = '$passwordreset' WHERE id = $id");

And, in a general case, you should escape your string values with mysql_real_escape_string :

mysql_query("UPDATE members SET passwordreset = '" 
    . mysql_real_escape_string($passwordreset) 
    . "' WHERE id = $id");

It won't change anything here, as there is no quote in a md5... But it's a good practice to always do it, to never find yourself in a situation where it was necessary and you didn't do it.

I am not sure, if you get an empty query error for this, but you need ticks around the values:

mysql_query("UPDATE members SET passwordreset = '$passwordreset' WHERE id = '$id'");

I guess the backticks around the names of the columns are missing, try:

mysql_query("UPDATE members SET `passwordreset` = '$passwordreset' WHERE `id` = '$id'");

Are the two line breaks after $passwordreset intentional? Can you try removing them?