• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 342
  • Last Modified:

login password verification

I am fairly new to php.  I created a db table with passwords that I am trying to verify by means of a login box.  The password will load page with administrative options (add, modify, and delete menu).  The login box code contains:
echo("<form method='post' action='petsnamelist2.php3'>");
echo("<input type='password' name='pwauth' value='Password' size='10'>");
echo("<input type='submit' value='Submit'></p>");
echo("</form>");
The admin page (petsnamelist.php3) contains code:
$query_update = "SELECT * FROM pwd where passwd = " . $pwauth;
$query_result = mysql_query ($query_update);
if(!$query_result) {
echo ("<p>There was an error performing this SELECT query from the PETS table. " .
mysql_error() . "</p>");
exit();
}
I get the following error message: "There was an error performing this SELECT query from the password table. Unknown column '735step9' in 'where clause'"
I can't figure out why password value (735step9) is read as a column (column name is passwd) and not as a value?  I am just trying to verify value in db table.  Any ideas?  Thanks very much.
0
Sodus
Asked:
Sodus
1 Solution
 
StormyWatersCommented:
It should be in quotes.
"SELECT  * FROM pwd WHERE passwd = \"".$pwauth."\"";
0
 
Diablo84Commented:
or easier still

"SELECT * FROM pwd where passwd =  '$pwauth'";
0
 
Diablo84Commented:
if you have register globals off you would have to do it like this

$query_update = "SELECT * FROM pwd where passwd='".$_POST['pwauth']."'";
$query_result = mysql_query ($query_update) or die ("<p>There was an error performing this SELECT query from the PETS table. ".mysql_error()."</p>");
exit();


(significant change: $_POST['pwauth'] rather then $pwauth)
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
arantiusCommented:
Correct.  In SQL, just as in any programming language, string constants must be delimted with quotation marks.

@diablo84: or easier still
$query_update = "SELECT * FROM pwd where passwd='{$_POST['pwauth']}'";
0
 
SodusAuthor Commented:
Thanks to StormyWaters, Diablo84, and arantius for answering my question.  Much appreciated.  Since all you responses worked I am going to have to divided up the points this way:
SormyWaters (45) - for first correct reply
Diablo84 (40)
arantius (40)

0
 
SodusAuthor Commented:
My apologies, first time I am doing this.  I meant to split the 125 points three ways but apparently failed at that attempt.
0
 
Diablo84Commented:
Don't worry Sodus, the important thing is you got your answer :)
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now