arjang Posted August 7, 2011 Share Posted August 7, 2011 i am trying to pass form variables to MYSQL query but i get this error: Database query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'bamo'' AND password=''KosaryBram1'' LIMIT 1' at line 1 here is my code: public static function authenticate($username="", $password=""){ global $database; $username = $database->GetSQLValueString($username, "text"); $password = $database->GetSQLValueString($password, "text"); $sql = "SELECT * FROM users "; $sql .= "WHERE username ='{$username}' "; $sql .= "AND password='{$password}' "; $sql .= "LIMIT 1"; $result_set = self::find_by_sql($sql); $found = $database->fetch_array($result_set); return !empty($found) ? $found : false; } Quote Link to comment Share on other sites More sharing options...
DavidAM Posted August 7, 2011 Share Posted August 7, 2011 If you look closely at the error message. You will see that the single-quotes are doubled-up around your strings. It appears that your GetSQLValueString() method is returning a string that is already surrounded by single-quotes. Then you are putting single-quotes around that in: $sql = "SELECT * FROM users "; $sql .= "WHERE username ='{$username}' "; $sql .= "AND password='{$password}' "; since GetSQLValueString() is providing the surrounding quotes, try: $sql = "SELECT * FROM users "; $sql .= "WHERE username ={$username} "; $sql .= "AND password={$password} "; Quote Link to comment Share on other sites More sharing options...
arjang Posted August 7, 2011 Author Share Posted August 7, 2011 thank you:) it works now Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.