Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 8 of 8
  1. #1
    Regular Coder
    Join Date
    Nov 2009
    Location
    Florida United States
    Posts
    105
    Thanks
    6
    Thanked 2 Times in 2 Posts

    basic query is showing as error

    my error said to check my syntax around here:
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'user_id, username FROM helen_back_insiders WHERE username = 'caleb' AND password' at line 1
    also im using xampp php version 5.3.1
    PHP Code:
    //look up the input in the DB
                
    $query "user_id, username FROM helen_back_insiders WHERE username = '$user_username' AND " 
                
    "password = SHA('$user_password')";
                
    $data mysqli_query($dbc$query); 

  • #2
    Senior Coder
    Join Date
    Apr 2010
    Posts
    1,446
    Thanks
    71
    Thanked 102 Times in 101 Posts
    Try this

    PHP Code:
    //look up the input in the DB
                
    $query = ("user_id, username FROM helen_back_insiders WHERE username = '$user_username' AND " 
                
    "password = SHA('$user_password')");
                
    $data mysqli_query($dbc$query); 

  • #3
    Regular Coder
    Join Date
    Nov 2009
    Location
    Florida United States
    Posts
    105
    Thanks
    6
    Thanked 2 Times in 2 Posts
    No it didnt help. It looks like my password is not being received by the query and i dont know why? the error picks my username up as caleb but its not displaying the password i input?????

    Here is my full code
    PHP Code:
    <?php
      
    require_once('connect_vars.php');
      
     
      
    //clear error msg
      
    $error_msg "";
      
      
    //If user is not logged in, try to log them in.
      
    if (!isset($_COOKIE['user_id'])){
        if(isset(
    $_POST['submit'])){
            
            
    //connect to the database.
            
    $dbc mysqli_connect($DB_HOST$DB_USER$DB_PASSWORD$DB_NAME);
            
            
    //grab login data.
            
    $user_username mysqli_real_escape_string($dbctrim($_POST['username']));
            
    $user_password mysqli_real_escape_string($dbctrim($_POST['password']));
            
            
    //check to see if data is entered into the vars
            
    if (!empty($user_username) && !empty($user_password)){
                
    //look up the input in the DB
                
    $query = ("user_id, username FROM helen_back_insiders WHERE username = '$user_username' AND " .  
                
    "password = SHA('$user_password')"); 
                
    $data mysqli_query($dbc$query);
                
                if(
    mysqli_num_rows($data) == 1){
                    
    //login is good set the cookies
                    
    $row mysqli_fetch_array($data);
                    
    setcookie(user_id$row['user_id']);
                    
    setcookie(username$row['username']);
                    
    $home_url 'http://' $_SERVER['HTTP_HOST'] . dirname($_SERVER[PHP_SELF]) . '/index.php';        
                    
    header ('Location: ' $home_url);        
                }
    //end if
                
    else{
                    
    //username/password are incorrect send an error msg.
                    
    $error_msg 'Sorry you must enter a valid username and password';
                }
    //end else
            
    }//end if     
            
    if(mysqli_error($dbc)) exit($q.'<br>'.mysqli_error($dbc));      
            else{
                
    //username/password are empty send error msg
                
    $error_msg 'Please fill in a login and username.';
            }
    //end else
        
    }//end if
      
    }//end if
    ?>
    <?php
            
    //if not logged in, show any error message and show the form.
            
    if (empty($_COOKIE['user_id'])){
                echo 
    '<p class = "error">' $error_msg '</p>';
            
    ?>
    Code:
    <form method = "post" 
    		      action = "<?php echo $_SERVER['PHP_SELF']; ?>"
    			  onSubmit = "return Validate_login()">
    			<fieldset>
    				<legend></legend>
    				<label for = "username">username: </label>
    				<input type = "text"
    				       id = "username"
    				       name = "username"
    					   value = "<?php if (!empty($user_username)) echo $user_username; ?>" />
    			    <label for = "password">password: </label>
    				<input type = "password"
    				       id = "password"
    					   name = "password" />
    				<input type = "submit"
    				       id = "submit"
    				       name = "submit"
    					   value = "Login"	/>				   
    					   
    			</fieldset>
    		</form>
    		<?php	
    		}//end if	
    		else {
    			//confirm the login to the user
    			echo ('<p class = "login">Your are logged in as ' . $_COOKIE['username'] . '.</p>');
    		}
    		?>
    Last edited by calebandchels; 12-17-2010 at 07:45 PM.

  • #4
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,647
    Thanks
    2
    Thanked 406 Times in 398 Posts
    You need a "SELECT" at the beginning of your query:
    PHP Code:
    $query 'SELECT `user_id`, `username` FROM `helen_back_insiders` WHERE `username` = \'' $user_username '\' AND `password` = \'' sha1($user_password) . '\''

  • #5
    Regular Coder
    Join Date
    Nov 2009
    Location
    Florida United States
    Posts
    105
    Thanks
    6
    Thanked 2 Times in 2 Posts
    I knew it was something retarded. It still seems like its not picking my password im getting the error saying my fields are blank
    Last edited by calebandchels; 12-17-2010 at 08:22 PM.
    New Coder!!!!

  • #6
    Regular Coder
    Join Date
    Nov 2009
    Location
    Florida United States
    Posts
    105
    Thanks
    6
    Thanked 2 Times in 2 Posts
    Its getting my form data but i guess my pass isn't working did I use SHA correctly. in my db it shows as numbers but when i echo it back into an input value it shows my reg pass. The only thing I can think is SHA is incorrect somewhere!
    New Coder!!!!

  • #7
    Regular Coder
    Join Date
    Nov 2009
    Location
    Florida United States
    Posts
    105
    Thanks
    6
    Thanked 2 Times in 2 Posts

    cookies arn't setting

    I can't seem to get these cookies to set for the life of me.
    New Coder!!!!

  • #8
    Regular Coder
    Join Date
    Nov 2009
    Location
    Florida United States
    Posts
    105
    Thanks
    6
    Thanked 2 Times in 2 Posts

    Thumbs up

    figured it out thanks for help guys! I just removed the SHA attribute and didnt code the passwords in the db!
    Last edited by calebandchels; 12-17-2010 at 09:27 PM.
    New Coder!!!!


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •