
help with passing php variables to mysql query


arjang


I am trying to pass form variables to a MySQL query but I get this error:

Database query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'bamo'' AND password=''KosaryBram1'' LIMIT 1' at line 1

Here is my code:

public static function authenticate($username="", $password=""){
	global $database;
	$username = $database->GetSQLValueString($username, "text");
	$password = $database->GetSQLValueString($password, "text");

	$sql =  "SELECT * FROM users ";
	$sql .= "WHERE username ='{$username}' ";
	$sql .= "AND password='{$password}' ";
	$sql .= "LIMIT 1";
	$result_set = self::find_by_sql($sql);
	$found = $database->fetch_array($result_set);
	return !empty($found) ? $found : false;		
}

If you look closely at the error message, you will see that the single quotes are doubled up around your strings. It appears that your GetSQLValueString() method is returning a string that is already surrounded by single quotes. Then you are putting single quotes around that in:

	$sql =  "SELECT * FROM users ";
	$sql .= "WHERE username ='{$username}' ";
	$sql .= "AND password='{$password}' ";

 

Since GetSQLValueString() is providing the surrounding quotes, try:

	$sql =  "SELECT * FROM users ";
	$sql .= "WHERE username ={$username} ";
	$sql .= "AND password={$password} ";
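
An alternative that avoids deciding who adds the quotes at all, shown as an added example that is not part of the original thread or the poster's `$database` class: bind the form values as parameters of a prepared statement. The PDO connection, the in-memory SQLite table, the `password_hash` column and this `authenticate()` signature are assumptions made for illustration.

```php
<?php
// Added example: schema, sample row and function signature are constructed for illustration.
// An in-memory SQLite database keeps it runnable offline; with MySQL only the DSN changes,
// e.g. new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $dbUser, $dbPass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
// With the MySQL driver, this asks for server-side prepares instead of emulated ones:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

// Constructed sample data: one user whose name contains a single quote.
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$insert = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
$insert->execute([':u' => "o'brien", ':h' => password_hash('S3cret!pass', PASSWORD_DEFAULT)]);

function authenticate(PDO $pdo, string $username, string $password)
{
    // The placeholder is written without quotes; the value is bound as data
    // and is never spliced into the SQL string by our own code.
    $stmt = $pdo->prepare(
        'SELECT id, username, password_hash FROM users WHERE username = :username LIMIT 1'
    );
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch();

    // Assumption: passwords are stored with password_hash(), so the comparison
    // happens in PHP with password_verify() rather than in the WHERE clause.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }

    unset($row['password_hash']); // do not hand the hash back to the caller
    return $row;
}

// A value containing a quote needs no manual escaping and cannot unbalance the statement.
var_dump(authenticate($pdo, "o'brien", 'S3cret!pass'));
var_dump(authenticate($pdo, "o'brien", 'wrong-password'));
var_dump(authenticate($pdo, 'no-such-user', 'S3cret!pass'));
```

The first call returns the user row and the other two return `false`; the same syntax error as in the question cannot occur because no quoting is done in the query text.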

 
