?
Solved

login password verification

Posted on 2004-08-25
7
Medium Priority
?
339 Views
Last Modified: 2008-03-06
I am fairly new to php.  I created a db table with passwords that I am trying to verify by means of a login box.  The password will load page with administrative options (add, modify, and delete menu).  The login box code contains:
echo("<form method='post' action='petsnamelist2.php3'>");
echo("<input type='password' name='pwauth' value='Password' size='10'>");
echo("<input type='submit' value='Submit'></p>");
echo("</form>");
The admin page (petsnamelist.php3) contains code:
$query_update = "SELECT * FROM pwd where passwd = " . $pwauth;
$query_result = mysql_query ($query_update);
if(!$query_result) {
echo ("<p>There was an error performing this SELECT query from the PETS table. " .
mysql_error() . "</p>");
exit();
}
I get the following error message: "There was an error performing this SELECT query from the password table. Unknown column '735step9' in 'where clause'"
I can't figure out why password value (735step9) is read as a column (column name is passwd) and not as a value?  I am just trying to verify value in db table.  Any ideas?  Thanks very much.
0
Comment
Question by:Sodus
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 13

Accepted Solution

by:
StormyWaters earned 500 total points
ID: 11894539
It should be in quotes.
"SELECT  * FROM pwd WHERE passwd = \"".$pwauth."\"";
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 11894729
or easier still

"SELECT * FROM pwd where passwd =  '$pwauth'";
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 11894827
if you have register globals off you would have to do it like this

$query_update = "SELECT * FROM pwd where passwd='".$_POST['pwauth']."'";
$query_result = mysql_query ($query_update) or die ("<p>There was an error performing this SELECT query from the PETS table. ".mysql_error()."</p>");
exit();


(significant change: $_POST['pwauth'] rather then $pwauth)
0
Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

 
LVL 18

Expert Comment

by:arantius
ID: 11894969
Correct.  In SQL, just as in any programming language, string constants must be delimted with quotation marks.

@diablo84: or easier still
$query_update = "SELECT * FROM pwd where passwd='{$_POST['pwauth']}'";
0
 

Author Comment

by:Sodus
ID: 11896097
Thanks to StormyWaters, Diablo84, and arantius for answering my question.  Much appreciated.  Since all you responses worked I am going to have to divided up the points this way:
SormyWaters (45) - for first correct reply
Diablo84 (40)
arantius (40)

0
 

Author Comment

by:Sodus
ID: 11896234
My apologies, first time I am doing this.  I meant to split the 125 points three ways but apparently failed at that attempt.
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 11896374
Don't worry Sodus, the important thing is you got your answer :)
0

Featured Post

Want to be a Web Developer? Get Certified Today!

Enroll in the Certified Web Development Professional course package to learn HTML, Javascript, and PHP. Build a solid foundation to work toward your dream job!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Popularity Can Be Measured Sometimes we deal with questions of popularity, and we need a way to collect opinions from our clients.  This article shows a simple teaching example of how we might elect a favorite color by letting our clients vote for …
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question