I am trying to write an SQL statement that fetches the value in the "userkey" field when the "username" and "userpassword" are equal. The "username" and "userpassword" are contained in variables passed using $_POST. The statement follows:
$sql = "SELECT userkey FROM tbl_name WHERE (username = ".$_POST['username'].") AND (userpassword = ".$_POST['password'].")";
Assuming the username is "John", the results of the above query is:
Unknown column 'john' in 'where clause'
Might someone correct my syntax to yield the desired results: the userkey?