Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have a doubt about how I can check an URL like this:
http://your.url/set_new_password.php?userid=564979&code=54c4a2767c2f485185ab72cdcf03ab59
I need to check if the userid exists in the database and if the userid is associated to the hash in the link.
I Read that it is not possible check the url within php. If so, is it possible to solve this problem? I need to verify if the hash and userid present in the link exist in the database.
Any other alternatives?
The variables
useridandcodein the URL are made available to PHP in an array called GET:If you have a hash (or fragment) in your URL, this won’t get back to PHP:
In the above, PHP can see the domain and the
valvariable, but not#part2. Sites that use the hash to significantly change the page (eg GMail) use javascript to pull in new content when the hash changes.Be sure to sanitize your variables before using them, to avoid malicious users being able to hack into your system. This is a big topic, but read up on the following:
If you don’t sanitize, someone could change your url so that the variable is set to:
When you query your db without sanitising your inputs, you could lose all your data.