Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

login password verification

Posted on 2004-08-25
7
328 Views
Last Modified: 2008-03-06
I am fairly new to php.  I created a db table with passwords that I am trying to verify by means of a login box.  The password will load page with administrative options (add, modify, and delete menu).  The login box code contains:
echo("<form method='post' action='petsnamelist2.php3'>");
echo("<input type='password' name='pwauth' value='Password' size='10'>");
echo("<input type='submit' value='Submit'></p>");
echo("</form>");
The admin page (petsnamelist.php3) contains code:
$query_update = "SELECT * FROM pwd where passwd = " . $pwauth;
$query_result = mysql_query ($query_update);
if(!$query_result) {
echo ("<p>There was an error performing this SELECT query from the PETS table. " .
mysql_error() . "</p>");
exit();
}
I get the following error message: "There was an error performing this SELECT query from the password table. Unknown column '735step9' in 'where clause'"
I can't figure out why password value (735step9) is read as a column (column name is passwd) and not as a value?  I am just trying to verify value in db table.  Any ideas?  Thanks very much.
0
Comment
Question by:Sodus
7 Comments
 
LVL 13

Accepted Solution

by:
StormyWaters earned 125 total points
ID: 11894539
It should be in quotes.
"SELECT  * FROM pwd WHERE passwd = \"".$pwauth."\"";
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 11894729
or easier still

"SELECT * FROM pwd where passwd =  '$pwauth'";
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 11894827
if you have register globals off you would have to do it like this

$query_update = "SELECT * FROM pwd where passwd='".$_POST['pwauth']."'";
$query_result = mysql_query ($query_update) or die ("<p>There was an error performing this SELECT query from the PETS table. ".mysql_error()."</p>");
exit();


(significant change: $_POST['pwauth'] rather then $pwauth)
0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 18

Expert Comment

by:arantius
ID: 11894969
Correct.  In SQL, just as in any programming language, string constants must be delimted with quotation marks.

@diablo84: or easier still
$query_update = "SELECT * FROM pwd where passwd='{$_POST['pwauth']}'";
0
 

Author Comment

by:Sodus
ID: 11896097
Thanks to StormyWaters, Diablo84, and arantius for answering my question.  Much appreciated.  Since all you responses worked I am going to have to divided up the points this way:
SormyWaters (45) - for first correct reply
Diablo84 (40)
arantius (40)

0
 

Author Comment

by:Sodus
ID: 11896234
My apologies, first time I am doing this.  I meant to split the 125 points three ways but apparently failed at that attempt.
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 11896374
Don't worry Sodus, the important thing is you got your answer :)
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Which userID to use for shopping cart application 13 27
Cpanel file manager 8 41
How to obtain the string from a PHP StdObject ? 6 33
ajax to record click 3 16
Introduction HTML checkboxes provide the perfect way for a web developer to receive client input when the client's options might be none, one or many.  But the PHP code for processing the checkboxes can be confusing at first.  What if a checkbox is…
Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question