PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
I have tried for the past 3 hours and cannot seem to find where my code is going wrong. Could someone please read the code below and tell me why it keeps on returning an error when trying to run "mysql_fetch_array()".
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/iwizard1/public_html/www/internal/do-login.php on line 14
$mysql_query="SELECT * FROM 'login' WHERE 'USERNAME'='$username'";
// should be
$mysql_query="SELECT * FROM `login` WHERE `USERNAME`='" . mysql_real_escape_string($username) . "'";
In MySQL field and table names are quoted using backticks. mysql_real_escape_string is required to allow usernames like this to behave correctly: Billy';drop table login --