Hi,
Wednesday, May 18, 2005, 4:27:34 PM, you wrote:
MS> Hi All,
MS> the below code generates this error,
MS> Unknown column 'peterspeters' in 'where clause'
MS> mysql_select_db("status", $db);
MS> $username = $_POST["username"];
MS> $password = $_POST["password"];
MS> $result = mysql_query("SELECT customer_id FROM Customers WHERE
MS> customer_username = $username AND customer_password = $password") or die
MS> (mysql_error());
MS> $myrow = mysql_fetch_row($result);
MS> $customer_id = $myrow[0];
MS> $_SESSION['customer_id'] = $customer_id;
?>>
MS> </head>
MS> <body>
MS> <?php
MS> echo 'SQL Query: '.$result.'<br>';
MS> echo "CustomerID = $customer_id";
?>>
MS> Cheers.
MS> Mark Sargent.
You need to put the variables in single quotes, otherwise mysql treats
it as a column name. You should also escape the strings to be safe if
magic_quotes are turned off in php.ini
A bit like this:
mysql_select_db("status", $db);
$username = mysql_escape_string($_POST["username"]);
$password = mysql_escape_string($_POST["password"]);
$result = mysql_query("
SELECT customer_id
FROM Customers
WHERE customer_username = '$username'
AND customer_password = '$password'") or die (mysql_error());
$myrow = mysql_fetch_row($result);
$customer_id = $myrow[0];
$_SESSION['customer_id'] = $customer_id;
--
regards,
Tom
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
