SQL error



#1 PC Nerd


Posted 04 July 2006 - 03:00 AM

I'm creating a login script, but PHP tells me that there is an error in the SQL string.

My code is as follows; can anyone help?

$User_SQL = "SELECT User_Name, Password FROM General_Stats WHERE User_Name = $_POST['User_Name']";

ERROR:    Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in FILENAME on line 42



All help is much appreciated.

#2 kenrbnsn


Posted 04 July 2006 - 03:08 AM

The error could be in a preceding line.

But try this first before showing us some of the preceding lines:
<?php
$User_SQL = "SELECT User_Name, Password FROM General_Stats WHERE User_Name = '" . $_POST['User_Name'] . "'";
?>

Ken

#3 PC Nerd


Posted 04 July 2006 - 04:01 AM

Thanks mate, I think that worked.


#4 .josh


Posted 04 July 2006 - 04:05 AM

The error is because you do not have quotes around the $_POST['User_Name']. kenrbnsn's method will fix it. However, it is not a good idea to insert posted variables directly into a SQL query. You should always sanitize them first.

Here is an example:
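function clean_var($value){
   // Undo magic_quotes_gpc escaping so the value is not escaped twice
   if (get_magic_quotes_gpc()) { $value = stripslashes($value); }
   // Escape non-numeric values for use inside a quoted SQL string (needs an open MySQL connection)
   if (!is_numeric($value)) { $value = mysql_real_escape_string($value); }
   return $value;
}

$User_Name = clean_var($_POST['User_Name']);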

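An added example, not part of any reply in this thread: the concatenated query from reply #2 next to the same lookup with a bound parameter. It uses PDO prepared statements rather than the escaping approach of clean_var(), and assumes PHP with the pdo_sqlite extension; the in-memory table, its single row and the helper names find_user_concat() and find_user_bound() are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension.
// The in-memory database and its single row are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE General_Stats (User_Name TEXT PRIMARY KEY, Password TEXT)');
$db->prepare('INSERT INTO General_Stats (User_Name, Password) VALUES (?, ?)')
   ->execute(["O'Brien", password_hash('constructed-sample', PASSWORD_DEFAULT)]);

// Query built by string concatenation, as in reply #2 (hypothetical helper name).
function find_user_concat(PDO $db, string $name): ?array
{
    $sql = "SELECT User_Name, Password FROM General_Stats WHERE User_Name = '" . $name . "'";
    try {
        $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        // The apostrophe in the input closed the string literal early,
        // so the database tried to parse the rest of the name as SQL.
        echo "concatenated query failed: ", $e->getMessage(), "\n";
        return null;
    }
    return $row ?: null;
}

// Same lookup with a bound parameter (hypothetical helper name).
// The value travels separately from the SQL text, so its content
// cannot change the structure of the statement.
function find_user_bound(PDO $db, string $name): ?array
{
    $stmt = $db->prepare(
        'SELECT User_Name, Password FROM General_Stats WHERE User_Name = :name'
    );
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

$input = "O'Brien"; // stands in for $_POST['User_Name']
var_dump(find_user_concat($db, $input) !== null);
var_dump(find_user_bound($db, $input) !== null);
```

An ordinary surname with an apostrophe is enough to break the concatenated form, which is the same mechanism that lets posted input rewrite the query.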



