Unable to Set $_SESSION and query using MYSQLi

Using mysqli_error($db_connect), I have an error as seen below:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘SELCT * FROM DP_Users WHERE Username=cwtt AND Password=202cb962ac59075b964′ at line 1.

I’m not sure where I went wrong. I am unable to query the database and set my $_SESSION variable.

The first PHP code is outside the HTML tag, while the second PHP code is inside the HTML tag.

Please help!


<?php

include "DB_Connect.php";

session_start();    

if (isset($_POST['user_name']) && isset($_POST['pwd']))

{   $userid = $_POST['user_name'];
    $password = $_POST['pwd'];
    
    $password = md5($password);
    
    /* Debug Purposes:
    echo $password; */
    
    $login = "SELCT * FROM `DP_Users` WHERE `Username`=$userid AND `Password`=$password ";
    
    /* Debug Purposes:*/
    echo "<br>" .$login. "<br>"; 
    
    $result = mysqli_query($db_connect,$login);
    
    //  1st If Else Condition: Check if Query to Database is successful!
    if ($result) { // True - Query Successful
        
        //  2nd If Else Condition: Check if there are more than zero rows returned from query result.
        if ( mysqli_num_rows($result) > 0 ) // TRUE - Database is populated
        {   
            $_SESSION['valid_user'] = $userid; 
            
        } else {
        
            echo 'Database has not been populated!';
        }
        
    } else {// False - Query Unsuccessful

        echo 'Query failed! <br> <br>';
        
        //Returns the last error description for the most recent function call, if any.
        echo mysqli_error($db_connect);
    }   

    mysqli_close($db_connect);

}
?>


<div class = "register_content">
                                                
<?php
                                                
    if (isset($_SESSION['valid_user'])) {
                                                    
        echo '<div class="login_status">';
                                                        
        echo '<div class="login_status_header">';
                                                            
        echo '<div class="login_status_tite" >Login Status:</div>';
                                                                
        echo '<div class="complete_login">Welcome!' .$_SESSION['valid_user']. '</div>';
                                                                    
        echo '<img src="arrow_login.png" height="30" width="40" style ="float: left;">';
                                                                
        echo '<a class="order_direct" href="Order.php">Proceed to Order... </a>';
                                                            
        echo '</div>';
                                                            
        echo '</div>';
                                                    
    } else {
                                                
        echo '<p class="register_text">';   
        echo 'Not a User?';
        echo '</p>';
            
        echo '<a class="register_link" href="register.php">Sign Up Now!</a>';

        echo '<div class="login_status">';
                                                            
        echo '<div class="login_status_header">';
                                                                                                     
        if (isset($userid)) {
            echo '<div class="login_status_tite">Login Status:</div>';
            echo '<div class="incomplete_login">Unable to Login!</div>';

        } else {
            echo '<div class="login_status_tite">Login Status:</div>';
            echo '<div class="incomplete_login">Login Not Detected!</div>';
        }

        echo '</div>'; // closes login_status_header

        echo '</div>'; // closes login_status

    }
                                                
    ?>
                                                
</div>

Solution:

Two things:

  1. You’ve got a typo in the query: SELECT, not SELCT 🙂
  2. Enclose parameters in quotes

So your code should look like this:

$login = "SELECT * FROM DP_Users WHERE Username='$userid' AND Password='$password';";

And BTW, read something about binding parameters, for security purposes.
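
The parameter binding the answer points to, as an added example that is not part of the original question or answer. It assumes `$db_connect` comes from `DB_Connect.php` as in the question and that `Password` holds `md5()` hex digests as the question's code produces; `check_login()` is a hypothetical helper name.

```php
<?php
// Added example: the login lookup with a bound parameter (not the asker's code).
include "DB_Connect.php";   // assumed to provide $db_connect, as in the question

session_start();

// check_login() is a hypothetical helper introduced for this example.
function check_login(mysqli $db, string $userid, string $password): bool
{
    // The ? placeholder is sent separately from the SQL text, so the value
    // needs no quoting and cannot change the structure of the query.
    $stmt = mysqli_prepare($db, "SELECT `Password` FROM `DP_Users` WHERE `Username` = ?");
    if ($stmt === false) {
        error_log('Prepare failed: ' . mysqli_error($db)); // log it, do not echo it to the page
        return false;
    }

    mysqli_stmt_bind_param($stmt, 's', $userid);   // 's' = bind as string
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $stored_hash);

    $found = mysqli_stmt_fetch($stmt) === true;    // true only when a row came back
    mysqli_stmt_close($stmt);

    // The question stores md5() digests, so compare against that format here.
    // hash_equals() compares in constant time. password_hash()/password_verify()
    // is the stronger scheme if the stored hashes can be migrated.
    return $found && hash_equals((string) $stored_hash, md5($password));
}

if (isset($_POST['user_name'], $_POST['pwd'])) {
    $userid = $_POST['user_name'];

    if (check_login($db_connect, $userid, $_POST['pwd'])) {
        session_regenerate_id(true);               // issue a new session ID after login
        $_SESSION['valid_user'] = $userid;
    }

    mysqli_close($db_connect);
}
```

Because the username travels as bound data, input such as `cwtt' OR '1'='1` is matched literally against the `Username` column instead of being parsed as SQL.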
