j9sjam3 Posted January 15, 2009 Share Posted January 15, 2009 Thank you for your time. I get this error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where Username='admin' and Password='1234' LIMIT 1' at line 1 The code is: $mysql = mysql_query("SELECT * FROM tblUsers where Username='".$username."' and Password='".$password."' LIMIT 1") or die(mysql_error()); while($row = mysql_fetch_assoc($mysql)){ $userId = $row['UserID']; $user = $row['Admin']; } function loggedIn() { if(isset($_SESSION['username'])) { $username = $_SESSION['username']; $password = $_SESSION['password']; $mysql = mysql_query("SELECT * FROM tblUsers where Username='".$username."' and Password='".$password."' LIMIT 1") or die(mysql_error()); $destroy = true; while($row = mysql_fetch_assoc($mysql)){ $_SESSION['dbid'] = $row['UserID']; $_SESSION['mgroup'] = $row['Admin']; $destroy = false; } Many thanks. EDIT: I only posted a bit of the code, the area where the problem is. Quote Link to comment Share on other sites More sharing options...
gevans Posted January 15, 2009 Share Posted January 15, 2009 SELECT * FROM tblUsers where Username='".$username."' and Password='".$password."' LIMIT 1 Have you checked that tblUsers - spelt correctly (upper and lower case) Username - same Password - same Quote Link to comment Share on other sites More sharing options...
btherl Posted January 15, 2009 Share Posted January 15, 2009 Those queries look fine to me .. which one gives the error? Quote Link to comment Share on other sites More sharing options...
revraz Posted January 15, 2009 Share Posted January 15, 2009 I don't think it's one of those two queries. Quote Link to comment Share on other sites More sharing options...
j9sjam3 Posted January 15, 2009 Author Share Posted January 15, 2009 I think it is the second one which gives the error. Here is the code: index.php <?php session_start(); $dbuser="xxx"; $dbpass="xxx"; $dbname = "xxx"; $host = "xxx"; $chandle = mysql_connect($host, $dbuser, $dbpass) or die("Connection Failure to Database"); mysql_select_db($dbname, $chandle) or die ($dbname . " Database not found." . $dbuser); $user = 0; $userId = -1; $mysql = mysql_query("SELECT * FROM tblUsers where Username='".$username."' and Password='".$password."' LIMIT 1") or die(mysql_error()); while($row = mysql_fetch_assoc($mysql)){ $userId = $row['UserID']; $user = $row['Admin']; } function loggedIn() { if(isset($_SESSION['username'])) { $username = $_SESSION['username']; $password = $_SESSION['password']; $mysql = mysql_query("SELECT * FROM tblUsers where Username='".$username."' and Password='".$password."' LIMIT 1") or die(mysql_error()); $destroy = true; while($row = mysql_fetch_assoc($mysql)){ $_SESSION['dbid'] = $row['UserID']; $_SESSION['mgroup'] = $row['Admin']; $destroy = false; } if($destroy) { echo 'Your password has changed. You must relogin.'; session_destroy(); return false; } echo $user; return true; } else { echo 'Welcome guest, please <a href="index.php?x=login">Login</a>.'; } return false; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title></title> <link href="../include.css" rel="stylesheet" type="text/css" /> <style type="text/css"> .twoColElsLtHdr #login { width: auto; margin: 0 auto; text-align: right; } </style> </head> <body class="twoColElsLtHdr"> <div id="container"> <div id="header"> <h1>Test</h1><div id="login"><?php if(loggedIn()) { echo 'Welcome back, '.$_SESSION['username'].'! (<a href="index.php?x=logout">Logout</a>)'; } ?></div> <!-- end #header --></div> <div id="sidebar1"> <h3 align="center">Menu</h3> <p align="center"><?php if($_SESSION['mgroup'] == 1) { echo '<a href="index.php?x=update">Update Records</a>'; } else{ echo '<u>You do not have access to the moderation area of the website.</u>'; }?></p> <!-- end #sidebar1 --> </p> </div> <div id="mainContent"> <?php if(file_exists('x/'.$_GET['x'].'.php')) { include('x/'.$_GET['x'].'.php'); } else { ?> <?php if(loggedIn()) { echo 'Click <a href="index.php?x=admin">here</a>.'; } else { echo '<h1>Welcome!</h1> <p>Please login to continue...</p>'; } ?> <?php } ?> </div> <br class="clearfloat" /> <div id="footer"> <p align="right"> <a href="http://tcofd.com">By James Elliott</a></p> <!-- end #footer --></div> <!-- end #container --></div> </body> </html> <?php $chandle.mysql_close(); ?> x/login.php <div width=100% border=0 align=center style="font-weight:bold;"> Login </div> <? $name = $_POST['Username']; $oldpass =$_POST['oldpass']; if($_POST['Username'] == "" || $_POST['oldpass'] == "") { ?> <table> <form method="post" action="index.php?x=login"> <tr> <td>Username:</td><td><input type="text" name="Username" maxlength="20"></td></tr> <tr> <td>Password:</td><td><input type="password" name="oldpass" maxlength="20"></td></tr> <tr><td><input type=submit value="Send"></td></tr> </form> </table> <? } else { $mysql = mysql_query("SELECT * FROM tblUsers") or die(mysql_error()); while($row = mysql_fetch_assoc($mysql)){ if(strtolower($row['Username']) == strtolower($name)) { $userexists = "yes"; if(strtolower($row['Password']) == strtolower($oldpass)) { $_SESSION['username'] = $row['Username']; $_SESSION['password'] = $row['Password']; $_SESSION['mgroup'] = $row['Admin']; echo 'Thank you for logging in. You will be redirected in 5 seconds. <br><center><a href="index.php?">If you aren\'t, click here.</a></center>'; echo "<meta http-equiv='refresh' content='0;url=index.php?x=admin'>"; } else { echo 'Invalid username or password.'; } } } if($userexists != "yes") { echo 'User doesn\'t exist.'; } } ?> Thanks. Quote Link to comment Share on other sites More sharing options...
j9sjam3 Posted January 15, 2009 Author Share Posted January 15, 2009 Managed to poke around and found out the problem, thanks for all your help along the way. Quote Link to comment Share on other sites More sharing options...
revraz Posted January 15, 2009 Share Posted January 15, 2009 So what was the problem? Quote Link to comment Share on other sites More sharing options...
j9sjam3 Posted January 15, 2009 Author Share Posted January 15, 2009 Didn't close all of the {. Thanks. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.