jamesxg1 Posted June 10, 2009 Share Posted June 10, 2009 <?php session_start(); ini_set ("display_errors", "1"); error_reporting(E_ALL); include 'Functions.php'; include 'Database.php'; $username = Clean($_POST['username']); $password = Encrypt($_POST['password']); $token = $_POST['token']; $POST = count($_POST); $GET = count($_GET); $length = strlen($username || $password); if (!$POST > 3 || $GET > 0) { print "Submission Error, Too Many Post Values."; } else { if ($length > 32) { print "Submission Error, Post Values Too Long"; } else { if ($_SESSION['token'] !== $token) { echo "Invalid submission."; } else { if (!isset($username) && !isset($password)) { print "Error, Please Enter All Field's"; } else { $sql = "SELECT * FROM `users` WHERE username = '$username' AND password = '$password'"; $results = mysql_query($sql) or die (mysql_error()); if (!mysql_num_rows($results) > 0) { print "Error, Account Does Not Exist"; } else { print "HELLO MAYTEE!."; } } } } } ?> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'jamesxg1'' AND password = 'ada9997043dfbe34937130e25489eb203b4f467e'' at line 1 Link to comment https://forums.phpfreaks.com/topic/161727-solved-mysql-error/ Share on other sites More sharing options...
Maq Posted June 10, 2009 Share Posted June 10, 2009 Echo out $sql and see what the value is. Link to comment https://forums.phpfreaks.com/topic/161727-solved-mysql-error/#findComment-853313 Share on other sites More sharing options...
jamesxg1 Posted June 10, 2009 Author Share Posted June 10, 2009 Echo out $sql and see what the value is. Ok, Doing this. $sql = "SELECT * FROM `users` WHERE username = '$username' AND password = '$password'"; echo "$sql<br>"; $results = mysql_query($sql) or die (mysql_error()); Gave me, SELECT * FROM `users` WHERE username = ''jamesxg1'' AND password = 'ada9997043dfbe34937130e25489eb203b4f467e' You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'jamesxg1'' AND password = 'ada9997043dfbe34937130e25489eb203b4f467e'' at line 1 Link to comment https://forums.phpfreaks.com/topic/161727-solved-mysql-error/#findComment-853316 Share on other sites More sharing options...
jamesxg1 Posted June 10, 2009 Author Share Posted June 10, 2009 Fixed , It was a function error. Thanks for the help guys. James. Link to comment https://forums.phpfreaks.com/topic/161727-solved-mysql-error/#findComment-853318 Share on other sites More sharing options...
PFMaBiSmAd Posted June 10, 2009 Share Posted June 10, 2009 Your Clean() function should NOT be doing anything that has to do with sql syntax, such as putting quotes around string data. It should only be cleaning the data. Any sql syntax, such as single quotes around string data, should only be done in the actual query. Link to comment https://forums.phpfreaks.com/topic/161727-solved-mysql-error/#findComment-853320 Share on other sites More sharing options...
Maq Posted June 10, 2009 Share Posted June 10, 2009 Fixed , It was a function error. Thanks for the help guys. James. Weird, your query looks perfectly fine. Mind sharing what the error was? Link to comment https://forums.phpfreaks.com/topic/161727-solved-mysql-error/#findComment-853326 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.