Jump to content

[SOLVED] not sure why getting SQL query error

webguync

By webguync
in PHP Coding Help

 Share

Recommended Posts

webguync Advanced Member

webguync

Posted
Posted

Hi,

 

I am getting the following SQL error when trying to login authenticating against MSQL table info.

 

the error is "The query failed You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''roster' WHERE username='bruce.gilbert@edtsi.com'' at line 2"

 

the authentication code again the DB I am using is  below. The fields I am authenticating against are 'username' and 'pwid'

 

<?php 
ini_set("display_errors","1");
ERROR_REPORTING(E_ALL);
$con = mysql_connect("localhost","username","pw");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("DBNAME", $con);




// Start a session. Session is explained below.
session_start();

// Same checking stuff all over again.
if(isset($_POST['submit'])) {
if(empty($_POST['username']) || empty($_POST['pwid'])) {
	echo "Sorry, you have to fill in both your username and password";
                exit;
}
// Create the variables again.
$username = $_POST['username'];
$pwid = $_POST['pwid'];
// Encrypt the password again with the md5 hash. 
// This way the password is now the same as the password inside the database.
$pwid = md5($pwid);

// Store the SQL query inside a variable. 
// ONLY the username you have filled in is retrieved from the database.
$query = "SELECT username,pwid 
		  FROM	 'roster'
		  WHERE	 username='$username'";

$result = mysql_query($query);
if(!$result) { 
	// Gives an error if the username given does not exist.
	// or if something else is wrong.
	echo "The query failed " . mysql_error();
} else {
	// Now create an object from the data you've retrieved.
	$row = mysql_fetch_object($result);
	// You've now created an object containing the data.
	// You can call data by using -> after $row.
	// For example now the password is checked if they're equal.
	if($row->pwid != $pwid) {
		echo "I am sorry, but the passwords are not equal.";
                        exit;
	}
	// By storing data inside the $_SESSION superglobal,
	// you stay logged in until you close your browser.
	$_SESSION['username'] = $username;
	$_SESSION['sid'] = session_id(); 
	// Make it more secure by storing the user's IP address.
	$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
	// Now give the success message.
	// $_SESSION['username'] should print out your username.
	echo "Success! You are now logged in " . $_SESSION['username'];
}
}
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
</body>
</html>

Maq Prolific Member

Maq

Posted
Posted

Only the values you're comparing to need single quotes around them (unless the field type is integer).

 

You may have seen backtick ` around table names, that's due to the table name is a MySQL reserved word, and with backticks it kind of escapes that word and knows it's a table name rather than a MySQL function/keyword.

 

Please mark as [sOLVED].

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.