This is my current code for taking a user log in:
//form goes here
I get a syntax error saying that the 'AND password =' clause is wrong. and then it is saying that the error is located at line 3, my tag, while the 'AND password ='is in line 75.
this is the start of my code from line 1:
Customer Login
asked May 26, 2016 at 3:50
nanjero05nanjero05
1111 gold badge3 silver badges11 bronze badges
7
You can use this.This definitely gonna work:
$sql = "SELECT username, password FROM customers
WHERE username = '$uName'
AND password = '$pWord'";
answered May 26, 2016 at 4:00
Your variable string concatenation is wrong in the SQL statement try the bellow one instead of your query code line
$sql = "SELECT username, password FROM customers
WHERE username = '".$uName." '
AND password = '".$pWord."'";
answered May 26, 2016 at 3:53
Dinidu HewageDinidu Hewage
2,0856 gold badges42 silver badges50 bronze badges
2
Change your query like this:
$sql = "SELECT username, password FROM customers WHERE username = '$uName ' AND password = '$pWord'";
When you pass string value you should cover with quotes.
Darren
12.9k4 gold badges38 silver badges76 bronze badges
answered May 26, 2016 at 3:56
Change your query in php as follows
$sql = "SELECT username, password FROM customers
WHERE username = '{$uName}'
AND password = '{$pWord}'";
I assume username is a string,so it needs to be passed as string using ''
answered May 26, 2016 at 3:54
SaurabhSaurabh
7801 gold badge5 silver badges15 bronze badges
You missed quote ' around the values. You can use only
numbers without quotes as values strings should be quoted. Your query is vulnerable to sql enjection so either escape your fields or use pdo. See below code for escaping the fields.
$pWord = $conn->real_escape_string[$pWord];
$uName = $conn->real_escape_string[$uName];
$sql = "SELECT username, password FROM customers
WHERE username = '$uName'
AND password = '$pWord'";
answered May 26, 2016 at 5:04
VinieVinie
2,9451 gold badge17 silver badges29 bronze badges