
PC Nerd

SQL error


I'm creating a login script, but PHP tells me that there is an error in the SQL string.

My code is as follows. Can anyone help?

$User_SQL = "SELECT User_Name, Password FROM General_Stats WHERE User_Name = $_POST['User_Name']";

ERROR:    Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in FILENAME on line 42



All help is much appreciated.

The error could be in a preceding line.

But try this first before showing us some of the preceding lines:
[code]<?php
$User_SQL = "SELECT User_Name, Password FROM General_Stats WHERE User_Name = '" . $_POST['User_Name'] . "'";
?>[/code]

Ken

The error is because you do not have quotes around the $_POST['User_Name']. [b]kenrbnsn's[/b] method will fix it. However, it is not a good idea to insert posted variables directly into a SQL query. You should always sanitize them first.

Here is an example:
[code]
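// Undo magic-quotes escaping if it is enabled, then escape the value for a MySQL query.
function clean_var($value){
  // stripslashes() returns the cleaned string, so assign it back
  if (get_magic_quotes_gpc()) { $value = stripslashes($value); }
  // mysql_real_escape_string() also returns its result; it needs an open mysql connection
  if (!is_numeric($value)) { $value = mysql_real_escape_string($value); }
  return $value;
}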

$User_Name = clean_var($_POST['User_Name']);
[/code]

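The sanitizing advice above, taken one step further as an added example (not code from any poster in this thread): binding the posted value as a parameter keeps it out of the SQL text altogether. It assumes PDO with the pdo_sqlite driver and an in-memory database so it runs offline; the rows and input strings are constructed, and the helper names find_concat and find_prepared are hypothetical.

```php
<?php
// Added example: table and column names follow the thread; rows and inputs are constructed.
// Assumes the pdo_sqlite extension so the script runs offline; on MySQL only the DSN changes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE General_Stats (User_Name TEXT, Password TEXT)");
$db->exec("INSERT INTO General_Stats VALUES ('alice', 'hash-a'), ('bob', 'hash-b')");

// Hypothetical helper: query built by string concatenation, as in the second post.
function find_concat(PDO $db, string $name): array {
    $sql = "SELECT User_Name, Password FROM General_Stats WHERE User_Name = '" . $name . "'";
    try {
        return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        return ['error' => $e->getMessage()];
    }
}

// Hypothetical helper: same query with a bound parameter.
// The value is sent separately and never becomes part of the SQL text.
function find_prepared(PDO $db, string $name): array {
    $stmt = $db->prepare(
        "SELECT User_Name, Password FROM General_Stats WHERE User_Name = :name"
    );
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal name, a name containing a quote, and a value
// that closes the string literal and appends an always-true condition.
$inputs = ["alice", "O'Brien", "nobody' OR '1'='1"];

foreach ($inputs as $name) {
    $c = find_concat($db, $name);
    $p = find_prepared($db, $name);
    printf("%-20s concat: %-12s prepared: %d row(s)\n",
        $name,
        isset($c['error']) ? 'SQL error' : count($c) . ' row(s)',
        count($p));
}
```

With the concatenated query the second input breaks the statement and the third changes which rows match; the prepared version treats all three as plain user names.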
