[SOLVED] Error in SQL Syntax

[j9sjam3]

Thank you for your time.

I get this error:

---

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where Username='admin' and Password='1234' LIMIT 1' at line 1

---

The code is:

$mysql = mysql_query("SELECT * FROM tblUsers where Username='".$username."' and Password='".$password."' LIMIT 1") or die(mysql_error());
			while($row = mysql_fetch_assoc($mysql)){
				$userId = $row['UserID'];
				$user = $row['Admin'];
			}
	function loggedIn() {
		if(isset($_SESSION['username'])) {
			$username = $_SESSION['username'];
			$password = $_SESSION['password'];
			$mysql = mysql_query("SELECT * FROM tblUsers where Username='".$username."' and Password='".$password."' LIMIT 1") or die(mysql_error());
			$destroy = true;
			while($row = mysql_fetch_assoc($mysql)){
			$_SESSION['dbid'] = $row['UserID'];
		        $_SESSION['mgroup'] = $row['Admin'];
				$destroy  = false;
			}

 

Many thanks.

 

EDIT: I only posted a bit of the code, the area where the problem is.

[gevans]

SELECT * FROM tblUsers where Username='".$username."' and Password='".$password."' LIMIT 1

 

Have you checked that

 

tblUsers - spelt correctly (upper and lower case)

Username - same

Password - same

[btherl]

Those queries look fine to me .. which one gives the error?

[revraz]

I don't think it's one of those two queries.

[j9sjam3]

I think it is the second one which gives the error.

Here is the code:

index.php

<?php
session_start();
		$dbuser="xxx";
		$dbpass="xxx";
		$dbname = "xxx";
		$host = "xxx";
		$chandle = mysql_connect($host, $dbuser, $dbpass) 
		or die("Connection Failure to Database");
		mysql_select_db($dbname, $chandle) or die ($dbname . " Database not found." . $dbuser);
		$user = 0;
		$userId = -1;
			$mysql = mysql_query("SELECT * FROM tblUsers where Username='".$username."' and Password='".$password."' LIMIT 1") or die(mysql_error());
			while($row = mysql_fetch_assoc($mysql)){
				$userId = $row['UserID'];
				$user = $row['Admin'];
			}
	function loggedIn() {
		if(isset($_SESSION['username'])) {
			$username = $_SESSION['username'];
			$password = $_SESSION['password'];
			$mysql = mysql_query("SELECT * FROM tblUsers where Username='".$username."' and Password='".$password."' LIMIT 1") or die(mysql_error());
			$destroy = true;
			while($row = mysql_fetch_assoc($mysql)){
			$_SESSION['dbid'] = $row['UserID'];
		        $_SESSION['mgroup'] = $row['Admin'];
				$destroy  = false;
			}
			if($destroy) {
				echo 'Your password has changed. You must relogin.';
				session_destroy();
				return false;
			}
		echo $user;
		return true;
			} else {
				echo 'Welcome guest, please <a href="index.php?x=login">Login</a>.';
			} 
		return false;
}	
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<link href="../include.css" rel="stylesheet" type="text/css" />
<style type="text/css">
.twoColElsLtHdr #login { 
width: auto;
margin: 0 auto;
text-align: right; 
}
</style>
</head>

<body class="twoColElsLtHdr">
<div id="container">
  <div id="header">
    <h1>Test</h1><div id="login"><?php			
if(loggedIn()) {
echo 'Welcome back, '.$_SESSION['username'].'! (<a href="index.php?x=logout">Logout</a>)';
}
?></div>
  <!-- end #header --></div>
  <div id="sidebar1">
    <h3 align="center">Menu</h3>
<p align="center"><?php
if($_SESSION['mgroup'] == 1) {
echo '<a href="index.php?x=update">Update Records</a>';	}
else{
echo '<u>You do not have access to the moderation area of the website.</u>';
}?></p>
      <!-- end #sidebar1 -->
    </p>
  </div>
  <div id="mainContent">
<?php
if(file_exists('x/'.$_GET['x'].'.php')) {
include('x/'.$_GET['x'].'.php');
} else {
?>
<?php
if(loggedIn()) {
echo 'Click <a href="index.php?x=admin">here</a>.';
} else {
echo '<h1>Welcome!</h1>
<p>Please login to continue...</p>'; }
?>

<?php  
}
?>
</div>
<br class="clearfloat" />
   <div id="footer">
    <p align="right">
    <a href="http://tcofd.com">By James Elliott</a></p>
  <!-- end #footer --></div>
<!-- end #container --></div>
</body>
</html>
<?php
$chandle.mysql_close();
?>

 

x/login.php

<div width=100% border=0 align=center style="font-weight:bold;">
Login
</div>


<?
$name = $_POST['Username'];
$oldpass =$_POST['oldpass'];


if($_POST['Username'] == "" || $_POST['oldpass'] == "") {

?>


<table>
<form method="post" action="index.php?x=login">
<tr> <td>Username:</td><td><input type="text" name="Username" maxlength="20"></td></tr>
<tr> <td>Password:</td><td><input type="password" name="oldpass" maxlength="20"></td></tr>

<tr><td><input type=submit value="Send"></td></tr>
</form>
</table>

<?
	} else {
		$mysql = mysql_query("SELECT * FROM tblUsers") or die(mysql_error());
		while($row = mysql_fetch_assoc($mysql)){
			if(strtolower($row['Username']) == strtolower($name)) {
$userexists = "yes";
			if(strtolower($row['Password']) == strtolower($oldpass)) {
$_SESSION['username'] = $row['Username'];
$_SESSION['password'] = $row['Password'];
$_SESSION['mgroup'] = $row['Admin'];
echo 'Thank you for logging in. You will be redirected in 5 seconds. <br><center><a href="index.php?">If you aren\'t, click here.</a></center>';
echo "<meta http-equiv='refresh' content='0;url=index.php?x=admin'>";
} else {
echo 'Invalid username or password.';
}
}
}
if($userexists != "yes") {
echo 'User doesn\'t exist.';
}
	}


?>

 

Thanks.

[j9sjam3]

Managed to poke around and found out the problem, thanks for all your help along the way.

[revraz]

So what was the problem?

[j9sjam3]

Didn't close all of the {.

Thanks.