help me in display data from database

elle_girl

I does not know why when i click the button request a new token it does not appear the token from the database(for example edhvy) but it appear this stuff $crypt_pass. Can you help me see my coding in the display token part?

<?php

$page_title = 'Request A Token';

if(isset($_POST['submit'])) {

// handle submission. this is s one-time only form
// so there will be no problems with handling errors.

// Register the user in the database.
require_once ('./mysql_connect.php'); // Connect to the db.

// Create a function for escaping the data.
function escape_data ($data) {
	global $dbc; // Need the connection.
	if (ini_get('magic_quotes_gpc')) {
		$data = stripslashes($data);
	}
	return mysql_real_escape_string($data, $dbc);
} // End of function.

$message = NULL; // Create an empty new variable.

// Check for the account number.
if (empty($_POST['account_no'])) {
	$an = FALSE;
	$message .= '<p>You forgot to enter your account number!</p>';
} else {
	$an = escape_data($_POST['account_no']);
}

if ($an) {

	// Register the user in the database.
	require_once ('./mysql_connect.php'); // Connect to the db.

	$an =addslashes($_POST['account_no']);
	$query = "SELECT * FROM customer_bank where account_no = '$an'";
	$result = mysql_query($query);
	$token =mysql_num_rows($result);

	if ($token == 1) {
	//general random password
		$alphanum =  array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','A','B','C','D','E','F','G','H','I','J','K,','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z','1','2','3','4','5','6','7','8','9','0');
		$chars = sizeof ($alphanum);
		$a = time();
		mt_srand($a);
		for ($i=0; $i < 6; $i++) {
			$randnum = intval (mt_rand(0,56));
			$token .= $alphanum[$randnum];
		}
		//one-way encrypt it
		$crypt_pass = md5($token);

		//put the temp password in the db
		$query1 = "UPDATE customer_bank SET token = '$crypt_pass' where account_no = '$an'";
		$result1 = mysql_query($query1) or die('cannot complete update');

		// DISPLAY THE TOKEN
		echo '<b>you recently requested that we send your request token for Example.com.Your request token is: $crypt_pass.</b>';



	} else {
		//the email address isn't good,they lose.
		$message = '<p>You enter invalid account number.</p>';
	}
}

}

// Print the error message if there is one.
if (isset($message)) {
echo '<font color="red">', $message, '</font>';
}
?>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<p><b>Request your token? </b> Don't worry simply enter account number below, and we will provide you your new token.<br><i>Please use account number you provided when you registered.</a>.</i></p>

<p><b>Account number:</b> <input type="text" name="account_no" size="50" maxlength="50" value="<?php if (isset($POST['account_no'])) echo $POST['account_no']; ?>" /></p>

</form>

laserlight

The problem lies with:

 echo '<b>you recently requested that we send your request token for Example.com.Your request token is: $crypt_pass.</b>';

Basically, in order for $crypt_pass within the string to be parsed, the string should be double quoted, not single quoted.

Conversely, you could concatenate the string and variable, or perhaps take advantage of echo's ability to take multiple parameters and use commas instead of the dot for concatenation.