while giving correct login id , password there in databse "tutorial" in table "users", giving me error on login.php being redirected.
error is:
you have error in sql syntax; check manual corresponds mysql server version right syntax use near ''users' 'user' = 'xyz'' @ line 1
where xyz username given user.
<?php $inputuser = $_post["user"]; $inputpass = $_post["pass"]; $user = "root"; $password = ""; $database = "tutorial"; $connect = mysql_connect("localhost", $user, $password); @mysql_select_db($database) or die("database not found"); $query = "select * 'users' 'user' = '$inputuser'"; $querypass = "select * 'users' 'password' = '$inputpass'"; $result = mysql_query($query) or die(mysql_error()); $resultpass = mysql_query($querypass) or die( mysql_error()); $row = mysql_fetch_array($result); $rowpass = mysql_fetch_array($resultpass); $serveruser = $row["user"]; $serverpass = $row["password"]; if ($serveruser && $serverpass){ if(!$result){ die("username name or password invalid"); } echo "<br><center>database output</b> </center><br><br> "; mysql_close(); echo $inputpass; echo $serverpass; if($inputpass == $serverpass){ header('location: home.php'); } else { echo "sorry, bad login"; } } ?>
abhik chakraborty correct.
if want enclose field/column or table names have use backticks (so ` instead of '). backtick diagonal quote on button next "1", above "tab".
to enclose field values should use quotes way did. corrected query: select * `users` `user` = '$inputuser';
however, should never, ever insert input gotten user directly query. if type in a';drop table your_table_name; can cause database start deleting tables, requesting records, etc.
use correct escaping of user input: see stackoverflow article on how safely escape user input.
Comments
Post a Comment