login password verification

I am fairly new to PHP. I created a db table with passwords that I am trying to verify by means of a login box. The password will load a page with administrative options (add, modify, and delete menu). The login box code contains:
echo("<form method='post' action='petsnamelist2.php3'>");
echo("<input type='password' name='pwauth' value='Password' size='10'>");
echo("<input type='submit' value='Submit'></p>");
The admin page (petsnamelist.php3) contains code:
$query_update = "SELECT * FROM pwd where passwd = " . $pwauth;
$query_result = mysql_query ($query_update);
if(!$query_result) {
    echo ("<p>There was an error performing this SELECT query from the PETS table. " .
        mysql_error() . "</p>");
}
I get the following error message: "There was an error performing this SELECT query from the password table. Unknown column '735step9' in 'where clause'"
I can't figure out why the password value (735step9) is read as a column (column name is passwd) and not as a value. I am just trying to verify the value in the db table. Any ideas? Thanks very much.
StormyWaters Commented:
It should be in quotes.
"SELECT  * FROM pwd WHERE passwd = \"".$pwauth."\"";
or easier still

"SELECT * FROM pwd where passwd =  '$pwauth'";
if you have register globals off you would have to do it like this

$query_update = "SELECT * FROM pwd where passwd='".$_POST['pwauth']."'";
$query_result = mysql_query ($query_update) or die ("<p>There was an error performing this SELECT query from the PETS table. ".mysql_error()."</p>");

(significant change: $_POST['pwauth'] rather than $pwauth)
Correct. In SQL, just as in any programming language, string constants must be delimited with quotation marks.

@diablo84: or easier still
$query_update = "SELECT * FROM pwd where passwd='{$_POST['pwauth']}'";
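
The answers above resolve the error by quoting the value inside the SQL string, which still leaves the submitted password as part of the SQL text. As an added example (not code from the thread), here is the same lookup with a bound parameter, plus a variant that stores hashes instead of plaintext; PDO with in-memory SQLite, the `pwd_hashed` table and the sample passwords are assumptions made so the script runs stand-alone.

```php
<?php
// Added example, not code from the thread. In-memory SQLite via PDO is an
// assumption so the script runs offline; the thread used MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// pwd.passwd follows the thread; pwd_hashed is a hypothetical second table.
$db->exec('CREATE TABLE pwd (passwd TEXT NOT NULL)');
$db->exec('CREATE TABLE pwd_hashed (passwd TEXT NOT NULL)');

// Constructed sample passwords; the second contains an apostrophe on purpose.
$samples  = ['735step9', "rover's-bone"];
$plainIns = $db->prepare('INSERT INTO pwd (passwd) VALUES (:pw)');
$hashIns  = $db->prepare('INSERT INTO pwd_hashed (passwd) VALUES (:h)');
foreach ($samples as $pw) {
    $plainIns->execute([':pw' => $pw]);
    $hashIns->execute([':h' => password_hash($pw, PASSWORD_DEFAULT)]);
}

// The thread's lookup with a bound parameter: the value travels separately
// from the SQL text, so it needs no quoting and cannot change the statement.
function matches_plain(PDO $db, string $candidate): bool
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM pwd WHERE passwd = :pw');
    $stmt->execute([':pw' => $candidate]);
    return (int) $stmt->fetchColumn() > 0;
}

// Hashed variant: salted hashes cannot be matched in a WHERE clause, so
// fetch the stored hashes and check each one with password_verify().
function matches_hashed(PDO $db, string $candidate): bool
{
    $found = false;
    foreach ($db->query('SELECT passwd FROM pwd_hashed') as $row) {
        if (password_verify($candidate, $row['passwd'])) {
            $found = true;
        }
    }
    return $found;
}

// In the login handler, $candidate would come from $_POST['pwauth'] ?? ''.
foreach (['735step9', "rover's-bone", 'wrong'] as $candidate) {
    printf("%-14s plain=%s hashed=%s\n", $candidate,
        var_export(matches_plain($db, $candidate), true),
        var_export(matches_hashed($db, $candidate), true));
}
```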
Sodus (Author) Commented:
Thanks to StormyWaters, Diablo84, and arantius for answering my question. Much appreciated. Since all your responses worked I am going to have to divide up the points this way:
StormyWaters (45) - for first correct reply
Diablo84 (40)
arantius (40)

Sodus (Author) Commented:
My apologies, first time I am doing this.  I meant to split the 125 points three ways but apparently failed at that attempt.
Don't worry Sodus, the important thing is you got your answer :)