Unable to Set $_SESSION and query using MYSQLi

Using mysqli_error($db_connect), I have an error as seen below:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SELCT * FROM DP_Users WHERE Username=cwtt AND Password=202cb962ac59075b964' at line 1.

I’m not sure where I went wrong. I am unable to query the database and set my $_SESSION variable.

The first PHP code is outside the HTML tag while the second PHP code is inside the HTML tag.

Please help!


<?php
include "DB_Connect.php";

if (isset($_POST['user_name']) && isset($_POST['pwd']))
{
    $userid = $_POST['user_name'];
    $password = $_POST['pwd'];
    $password = md5($password);
    /* Debug Purposes:
    echo $password; */
    $login = "SELCT * FROM `DP_Users` WHERE `Username`=$userid AND `Password`=$password ";
    /* Debug Purposes:*/
    echo "<br>" .$login. "<br>";
    $result = mysqli_query($db_connect,$login);
    //  1st If Else Condition: Check if Query to Database is successful!
    if ($result) { // True - Query Successful
        //  2nd If Else Condition: Check if there are more than zero rows returned from query
        if ( mysqli_num_rows($result) > 0 ) { // TRUE - Database is populated
            $_SESSION['valid_user'] = $userid;
        } else {
            echo 'Database has not been populated!';
        }
    } else { // False - Query Unsuccessful
        echo 'Query failed! <br> <br>';
        //Returns the last error description for the most recent function call, if any.
        echo mysqli_error($db_connect);
    }
}
?>

<div class = "register_content">
<?php
    if (isset($_SESSION['valid_user'])) {
        echo '<div class="login_status">';
        echo '<div class="login_status_header">';
        echo '<div class="login_status_tite" >Login Status:</div>';
        // Escape the user-supplied name before writing it into the page
        echo '<div class="complete_login">Welcome!' . htmlspecialchars($_SESSION['valid_user'], ENT_QUOTES, 'UTF-8') . '</div>';
        echo '<img src="arrow_login.png" height="30" width="40" style ="float: left;">';
        echo '<a class="order_direct" href="Order.php">Proceed to Order... </a>';
        echo '</div>';
        echo '</div>';
    } else {
        echo '<p class="register_text">';
        echo 'Not a User?';
        echo '</p>';
        echo '<a class="register_link" href="register.php">Sign Up Now!</a>';

        echo '<div class="login_status">';
        echo '<div class="login_status_header">';
        if (isset($userid)) {
            echo '<div class="login_status_tite">Login Status:</div>';
            echo '<div class="incomplete_login">Unable to Login!</div>';
        } else {
            echo '<div class="login_status_tite">Login Status:</div>';
            echo '<div class="incomplete_login">Login Not Detected!</div>';
        }
        echo '</div>';
        echo '</div>';
    }
?>
</div>

Solution:

Two things:

  1. You’ve got a typo in the query: SELECT, not SELCT 🙂
  2. Enclose parameters in quotes

So your code should look like this:

$login = "SELECT * FROM DP_Users WHERE Username='$userid' AND Password='$password';";

And BTW, read something about binding parameters, for security purposes.
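
The parameter binding mentioned in the answer, shown as an added example that is not part of the original question or answer. It assumes `$db_connect` is the mysqli connection created in `DB_Connect.php`, that `session_start()` has already been called, and that `DP_Users` has the `Username` and `Password` columns used above; `check_login` is a hypothetical helper name.

```php
<?php
// Added example. Assumes $db_connect comes from DB_Connect.php and that
// session_start() has already run before $_SESSION is written.
include "DB_Connect.php";

/**
 * Hypothetical helper: returns true when the username exists and the
 * stored hash matches. User input is never concatenated into the SQL text.
 */
function check_login(mysqli $db, string $userid, string $password): bool
{
    // The value for ? is sent separately from the SQL text, so quotes or
    // SQL keywords inside $userid are treated as data, not as query syntax.
    $stmt = mysqli_prepare($db, "SELECT `Password` FROM `DP_Users` WHERE `Username` = ?");
    if ($stmt === false) {
        error_log(mysqli_error($db));   // log the detail instead of echoing it to the page
        return false;
    }
    mysqli_stmt_bind_param($stmt, "s", $userid);   // "s" = bind as string
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $stored_hash);
    $found = mysqli_stmt_fetch($stmt);             // true = row fetched, null = no row
    mysqli_stmt_close($stmt);

    // md5() is kept only to match the existing column; password_hash() and
    // password_verify() are PHP's built-in replacement for new tables.
    return $found === true && hash_equals((string) $stored_hash, md5($password));
}

if (isset($_POST['user_name'], $_POST['pwd'])) {
    if (check_login($db_connect, $_POST['user_name'], $_POST['pwd'])) {
        $_SESSION['valid_user'] = $_POST['user_name'];
    }
}
```

With the bound parameter, a username containing a quote character can no longer change the structure of the query, which string interpolation with added quotes does not guarantee.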

