Sodus
asked on
login password verification
I am fairly new to PHP. I created a db table with passwords that I am trying to verify by means of a login box. The password will load a page with administrative options (add, modify, and delete menu). The login box code contains:
echo("<form method='post' action='petsnamelist2.php3'>");
echo("<input type='password' name='pwauth' value='Password' size='10'>");
echo("<input type='submit' value='Submit'></p>");
echo("</form>");
The admin page (petsnamelist.php3) contains code:
$query_update = "SELECT * FROM pwd where passwd = " . $pwauth;
$query_result = mysql_query ($query_update);
if(!$query_result) {
echo ("<p>There was an error performing this SELECT query from the PETS table. " .
mysql_error() . "</p>");
exit();
}
I get the following error message: "There was an error performing this SELECT query from the password table. Unknown column '735step9' in 'where clause'"
I can't figure out why password value (735step9) is read as a column (column name is passwd) and not as a value? I am just trying to verify value in db table. Any ideas? Thanks very much.
If you have register globals off, you would have to do it like this:
$query_update = "SELECT * FROM pwd where passwd='".$_POST['pwauth'] ."'";
$query_result = mysql_query ($query_update) or die ("<p>There was an error performing this SELECT query from the PETS table. ".mysql_error()."</p>");
exit();
(significant change: $_POST['pwauth'] rather than $pwauth)
Correct. In SQL, just as in any programming language, string constants must be delimited with quotation marks.
@diablo84: or easier still
$query_update = "SELECT * FROM pwd where passwd='{$_POST['pwauth']}'";
ASKER
Thanks to StormyWaters, Diablo84, and arantius for answering my question. Much appreciated. Since all your responses worked I am going to have to divide up the points this way:
StormyWaters (45) - for first correct reply
Diablo84 (40)
arantius (40)
ASKER
My apologies, first time I am doing this. I meant to split the 125 points three ways but apparently failed at that attempt.
Don't worry Sodus, the important thing is you got your answer :)
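Editor's added example, not part of any post in this thread: every query above builds the SQL text from the submitted password, so a quote character in the input changes the statement, and `mysql_query()` itself was removed in PHP 7. The sketch below keeps the `pwd` table and `passwd` column from the question but stores `password_hash()` output and compares with `password_verify()`; the PDO in-memory SQLite database and the function names are assumptions made so it runs stand-alone.

```php
<?php
// Added example, not code from the thread. Table `pwd` and column `passwd`
// come from the question; storing hashes in it and the in-memory SQLite
// database are assumptions made so the script runs stand-alone.

function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE pwd (passwd TEXT NOT NULL)');
    return $db;
}

// Store only a salted hash, never the password itself. The value is bound
// as a parameter, so it is never parsed as SQL.
function add_password(PDO $db, string $plain): void {
    $stmt = $db->prepare('INSERT INTO pwd (passwd) VALUES (?)');
    $stmt->execute([password_hash($plain, PASSWORD_DEFAULT)]);
}

// The submitted value never becomes part of the SQL text: the query is
// constant, and the comparison is done by password_verify() in PHP.
function check_password(PDO $db, $submitted): bool {
    if (!is_string($submitted) || $submitted === '') {
        return false;               // missing field or array input
    }
    $ok = false;
    foreach ($db->query('SELECT passwd FROM pwd') as $row) {
        // No early return, so every stored hash is checked each time.
        $ok = password_verify($submitted, $row['passwd']) || $ok;
    }
    return $ok;
}

$db = open_demo_db();
add_password($db, "735step9");        // value quoted in the question
add_password($db, "it's-a-test");     // constructed: contains a quote

// In the real page the input would be $_POST['pwauth'] ?? null.
foreach (["735step9", "it's-a-test", "wrong", ["x"], null] as $input) {
    printf("%-14s => %s\n", json_encode($input),
           check_password($db, $input) ? 'accepted' : 'rejected');
}
```

The first two inputs are accepted and the rest rejected; the password containing a single quote is handled as ordinary data on both insert and check.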
"SELECT * FROM pwd where passwd = '$pwauth'";