Jump to content

Issue with MYSQL Query

n1concepts

By n1concepts
in PHP Coding Help

 Share

Recommended Posts

n1concepts Regular Member

n1concepts

Posted
Posted

Hi,

 

I am defining a php script to check captured input username and password from a form against a MySQL database and can't get the syntax right - regarding the $_POST['password'] portion of query.

 

Here's the actual php code showing query:

 

//create and issue the query
// $command = "SELECT username FROM agents WHERE username ='".$_POST['username']."';";      // THIS ONE WORKS JUST FINE IF JUST CHECKING USERNAME from DB
$command = "SELECT username FROM agents WHERE username ='".$_POST['username']."' AND password = MD5('".$_POST['password']."');";
echo "Command: ".$command."<br>";
$result = mysql_query($command);
echo "Result: ".$result."<br>";

 

Here's the error I get on the php page when loading and submitting username and password:

 

Command: SELECT username FROM agents WHERE username ='user1' AND password = MD5('pass1234');

Result:

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/websited/public_html/projects/forgottenmobile/index.php on line 58

 

Note: line 58 is just checking for:

 

mysql_num_rows($result) == 1;

 

The issue is the query is not correct regarding:

 

password = MD5('pass1234') portion of the SQL string.

I know it's with the location of th single and double quotes but struggling to find the right syntax structure.

 

Can someone advise the correct syntax structure to include MD5 function for the variable '$_POST[password]' in the $command query?

---

 

Note: the password is encrypted using MD5 so that function required in the query.

 

Thx!

Link to comment
Share on other sites
Psycho Prolific Member

Psycho

Posted
Posted

You should check for DB errors and provide a means to see the errors. In a dev environment you can just do this:

$result = mysql_query($command) or die(mysql_error());

 

I don't see anything wrong with the syntax of your query. Although you don't need the semi-colon at the end of the query, but I don't think that will cause an error. Could be you have a typo in the field names. Runt he above to see what the actual error is.

Link to comment
Share on other sites
n1concepts Regular Member

n1concepts

Posted
  • Author
Posted

Thanks for checking and I should have done that (dope!) to see issue.

Soon as I modify the string to see myslerror, it was PLAIN as day!

 

I didn't close the mysql connection (intentionally) and when I moved the code to another host, db wasn't update in file. :)

 

thx!

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.