...

View Full Version : basic query is showing as error



calebandchels
12-17-2010, 07:47 PM
my error said to check my syntax around here:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'user_id, username FROM helen_back_insiders WHERE username = 'caleb' AND password' at line 1
also im using xampp php version 5.3.1


//look up the input in the DB
$query = "user_id, username FROM helen_back_insiders WHERE username = '$user_username' AND " .
"password = SHA('$user_password')";
$data = mysqli_query($dbc, $query);

myfayt
12-17-2010, 08:26 PM
Try this


//look up the input in the DB
$query = ("user_id, username FROM helen_back_insiders WHERE username = '$user_username' AND " .
"password = SHA('$user_password')");
$data = mysqli_query($dbc, $query);

calebandchels
12-17-2010, 08:38 PM
No it didnt help. It looks like my password is not being received by the query and i dont know why? the error picks my username up as caleb but its not displaying the password i input?????

Here is my full code

<?php
require_once('connect_vars.php');


//clear error msg
$error_msg = "";

//If user is not logged in, try to log them in.
if (!isset($_COOKIE['user_id'])){
if(isset($_POST['submit'])){

//connect to the database.
$dbc = mysqli_connect($DB_HOST, $DB_USER, $DB_PASSWORD, $DB_NAME);

//grab login data.
$user_username = mysqli_real_escape_string($dbc, trim($_POST['username']));
$user_password = mysqli_real_escape_string($dbc, trim($_POST['password']));

//check to see if data is entered into the vars
if (!empty($user_username) && !empty($user_password)){
//look up the input in the DB
$query = ("user_id, username FROM helen_back_insiders WHERE username = '$user_username' AND " .
"password = SHA('$user_password')");
$data = mysqli_query($dbc, $query);

if(mysqli_num_rows($data) == 1){
//login is good set the cookies
$row = mysqli_fetch_array($data);
setcookie(user_id, $row['user_id']);
setcookie(username, $row['username']);
$home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER[PHP_SELF]) . '/index.php';
header ('Location: ' . $home_url);
}//end if
else{
//username/password are incorrect send an error msg.
$error_msg = 'Sorry you must enter a valid username and password';
}//end else
}//end if
if(mysqli_error($dbc)) exit($q.'<br>'.mysqli_error($dbc));
else{
//username/password are empty send error msg
$error_msg = 'Please fill in a login and username.';
}//end else
}//end if
}//end if
?>
<?php
//if not logged in, show any error message and show the form.
if (empty($_COOKIE['user_id'])){
echo '<p class = "error">' . $error_msg . '</p>';
?>

<form method = "post"
action = "<?php echo $_SERVER['PHP_SELF']; ?>"
onSubmit = "return Validate_login()">
<fieldset>
<legend></legend>
<label for = "username">username: </label>
<input type = "text"
id = "username"
name = "username"
value = "<?php if (!empty($user_username)) echo $user_username; ?>" />
<label for = "password">password: </label>
<input type = "password"
id = "password"
name = "password" />
<input type = "submit"
id = "submit"
name = "submit"
value = "Login" />

</fieldset>
</form>
<?php
}//end if
else {
//confirm the login to the user
echo ('<p class = "login">Your are logged in as ' . $_COOKIE['username'] . '.</p>');
}
?>

Inigoesdr
12-17-2010, 09:17 PM
You need a "SELECT" at the beginning of your query:

$query = 'SELECT `user_id`, `username` FROM `helen_back_insiders` WHERE `username` = \'' . $user_username . '\' AND `password` = \'' . sha1($user_password) . '\'';

calebandchels
12-17-2010, 09:19 PM
I knew it was something retarded. It still seems like its not picking my password im getting the error saying my fields are blank

calebandchels
12-17-2010, 09:25 PM
Its getting my form data but i guess my pass isn't working did I use SHA correctly. in my db it shows as numbers but when i echo it back into an input value it shows my reg pass. The only thing I can think is SHA is incorrect somewhere!

calebandchels
12-17-2010, 10:10 PM
I can't seem to get these cookies to set for the life of me.

calebandchels
12-17-2010, 10:18 PM
figured it out thanks for help guys! I just removed the SHA attribute and didnt code the passwords in the db!



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum