new to php here so i apologize if the solution is super simple. I'm working on a password reset page, it will be the page the user lands on after clicking the email with the token. the issue is the form is not sending the value of $token, its just sending the string.
<?php
if(isset($_GET["email"]) && isset($_GET["token"])) {
$connection = new mysqli("localhost", "USER", "PASSWORD", "USERDB");
$email = $connection->real_escape_string($_GET["email"]);
$token = $connection->real_escape_string($_GET["token"]);
$data = $connection->query("SELECT user_id FROM users WHERE user_email='$email' AND user_token='$token'");
if ($data->num_rows > 0) {
echo '<html>
<head>
<meta charset="UTF-8">
<title>Change Password</title>
<link rel="stylesheet" href="../css/style.css" media="screen" type="text/css" />
</head>
<body>
<div class="reset">
<h1>Password reset</h1>
<form action="anotherpage.php" method="POST">
<input type="password" name="pwd" placeholder="Password">
<input type="hidden" name="token" value="$token">
<input type="submit" name="submit" class="submit" value="Update">
</form>
</body>
</html>';
} else {
echo "Please check your link!";
}
} else {
header("Location: ../");
exit();
}
?>