bpburrow Posted November 16, 2009 Share Posted November 16, 2009 I've been working on a php login script thinking I'm almost at the finish line until I run into the following error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''Admin' WHERE 'username'='test' AND 'password'='07faabda7560acb21c5d43543fe2' at line 1 As far as I know the server is using the latest and greatest version of MySQL. Now, I'm still fairly new to MySQL, but this shouldn't be all that difficult. What am I doing wrong? Any suggestions? Here's my script (adminlogin.php): <?php session_start(); //Login form (adminlogin.php) error_reporting(E_ALL); require_once('site_fns.php'); do_html_header('Brittanys Admin page'); do_menu_main2(''); if(!$_POST['submit']) // 'submit' hasn't been clicked so output html. { ?> <form action="adminlogin.php" method="post"> <div id="menu" class="mainMenu"> <fieldset> <legend>Admin Login</legend> <ul> <li> <label for="username">Username:</label> <input type="text" name="username" /> </li> <li> <label for="password">Password:</label> <input type="password" name="password" /> </li> </ul> <input type="submit" name="submit" value="Login" /> </fieldset> </div> </form> <?php } else { $user= protect($_POST['username']); $pass= protect($_POST['password']); //Here's the protect function to prevent SQL injection. Called from site_fns.php //function protect($string) // { // $string = mysql_real_escape_string($string); // return $string; // } if($user && $pass) { $pass = md5($pass); //compare the encrypted password $sql="SELECT id,username FROM 'Admin' WHERE 'username'='$user' AND 'password'='$pass'"; $query=mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($query) > 0) { $row = mysql_fetch_assoc($query); // mysql_fetch_assoc gets the value for each field in the row $_SESSION['id'] = $row['id']; //creates the first session var $_SESSION['username'] = $row['username']; // second session var echo "<script type=\"text/javascript\">window.location=\"mainadmin.php\"</script>"; } else { echo "<script type=\"text/javascript\"> alert(\"Username and password combination is incorrect!\"); window.location=\"index.php\"</script>"; } } else { echo "<script type=\"text/javascript\"> alert(\"You need to gimme a username AND password!\"); window.location=\"index.php\"</script>"; } } do_html_footer(); ?> Here's my db structure: id int(10) not null unasigned auto_increment username varchar(32) not null password varchar(225) not null Quote Link to comment Share on other sites More sharing options...
Scorpy Posted November 16, 2009 Share Posted November 16, 2009 Try replacing: $sql="SELECT id,username FROM 'Admin' WHERE 'username'='$user' AND 'password'='$pass'"; With: $sql="SELECT id,username FROM Admin WHERE username='$user' AND password='$pass'"; Quote Link to comment Share on other sites More sharing options...
bpburrow Posted November 16, 2009 Author Share Posted November 16, 2009 That did the trick. Thanks for the help. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.