garethhall Posted August 2, 2009 Share Posted August 2, 2009 Hello I am writing a login script and want to have member be able to login with their username or email address. So I just want to query the DB and see if the user is in the DB. But their must be somthing wrong with my SQL as it's not taking my password into account. Meaning it selects the first part fine the userName OR userEmailAddress but when I put in the wrong password it still selects the user? How can I update me SQL to fix this or should I run 2 queries? one for userName and one for userEmaillAddress? <?php $sql = "SELECT * FROM members WHERE userName = 'userNameHere' OR userEmailAddress = 'emailAddressHere' AND userPassword = 'passwordHere'"; ?> Link to comment https://forums.phpfreaks.com/topic/168550-solved-a-little-sql-help/ Share on other sites More sharing options...
Mark Baker Posted August 2, 2009 Share Posted August 2, 2009 $sql = "SELECT * FROM members WHERE (userName = 'userNameHere' OR userEmailAddress = 'emailAddressHere') AND userPassword = 'passwordHere'"; ?> Note the brackets Link to comment https://forums.phpfreaks.com/topic/168550-solved-a-little-sql-help/#findComment-889107 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.