sardonicgem Posted May 21, 2008 Share Posted May 21, 2008 Hello folks, I am a complete newbie and I have created a simple login page that correlates to the following DB table named users Column | Type | Modifiers ----------+------+----------- username | text | password | text | which contains the following: username | password ----------+-------------- testname | testpassword (1 row) This is my script logic: $sql = "SELECT username, password FROM users WHERE username = $usr AND password = $pass"; $result = pg_exec($handle, $sql); if ($result) { $data = pg_fetch_row($result); echo "data: $data[0], $data[1]<br>\n"; dbdiscon($handle); return true; } else { dbdiscon($handle); echo "not found"; return false; } The variables get set to $usr = "testname" and $pass = "testpassword" when entered into the login form. This is the error I get: connection to database established ... Warning: pg_exec() [function.pg-exec]: Query failed: ERROR: column "testname" does not exist LINE 1: ...CT username, password FROM users WHERE username = testname A... ^ in Quote Link to comment Share on other sites More sharing options...
btherl Posted May 21, 2008 Share Posted May 21, 2008 Try like this: $sql = "SELECT username, password FROM users WHERE username = '$usr' AND password = '$pass'"; You should also use pg_escape_string() on $usr and $pass first, otherwise people may be able to insert their own sql commands into the username or password. Quote Link to comment Share on other sites More sharing options...
sardonicgem Posted May 21, 2008 Author Share Posted May 21, 2008 Thank you for your recommendations It's now functional. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.