
Telling me syntax error..but there isn't! (I think)

Posted: Sun Sep 12, 2010 6:45 am
by bian101
Hey,

I get this error outputted:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND `banned` = '0'' at line 3

The code it's referring to is

Code:

$result = mysql_query("SELECT `id`,`pwd`,`full_name`,`approved`,`user_level` FROM users WHERE 
           $user_cond
			AND `banned` = '0'
			") or die (mysql_error()); 
$num = mysql_num_rows($result);

I see nothing wrong here :/ any help is welcome ofc :) :)

Re: Telling me syntax error..but there isn't! (I think)

Posted: Sun Sep 12, 2010 7:25 am
by requinix
I don't see anything wrong either, but if I use my brain to think about it then I'll come up with an idea.

That idea is to look at the value of $user_cond.

Re: Telling me syntax error..but there isn't! (I think)

Posted: Sun Sep 12, 2010 7:29 am
by bian101
tasairis wrote: I don't see anything wrong either, but if I use my brain to think about it then I'll come up with an idea.

That idea is to look at the value of $user_cond.

Yep, but the thing is, if I comment out an above "function" (not function, just using that as a figure of speech) which does what this "function" does.

Okay basically, it's a login page, you can login with your credentials OR Facebook. Now if I comment the same code but modified for Facebook (value in database is uid [a unique series of numbers for fb account]) then it works, I comment this out:

Code:

$fbsql = "SELECT `uid` FROM users WHERE `uid` = '$uid' AND `banned` = '0' ";
		
$fbresult = mysql_query($fbsql) or die (mysql_error().$fbsql);
$fbnum = mysql_num_rows($fbresult);

  // Exactly one matching row found - the user is authenticated. 
    if ( $fbnum == 1 ) { 
	mysql_query ("SELECT * FROM users")or die (mysql_error());
	
	list($id,$pwd,$full_name,$approved,$user_level,$des,$dream,$uid) = mysql_fetch_row($result);
	
	if(!$approved) {
	//$msg = urlencode("Account not activated. Please check your email for activation code");
	$err[] = "Account not activated. Please check your email for activation code";
	
	//header("Location: login.php?msg=$msg");
	 //exit();
	 }
	 
		//check against salt
	if ($pwd === PwdHash($pass,substr($pwd,0,9))) { 
	if(empty($err)){			

     // this sets session and logs user in  
       session_start();
	   session_regenerate_id (true); //prevent against session fixation attacks.

	   // this sets variables in the session 
		$_SESSION['user_id']= $id;  
		$_SESSION['user_name'] = $full_name;
		$_SESSION['user_level'] = $user_level;
		$_SESSION['des'] = $des;
		$_SESSION['dream'] = $dream;
		$_SESSION['uid'] = $uid;
		$_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
		
		//update the timestamp and key for cookie
		$stamp = time();
		$ckey = GenKey();
		mysql_query("update users set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'") or die(mysql_error());
		
		//set a cookie 
		
	   if(isset($_POST['remember'])){
				  setcookie("user_id", $_SESSION['user_id'], time()+60*60*24*COOKIE_TIME_OUT, "/");
				  setcookie("user_key", sha1($ckey), time()+60*60*24*COOKIE_TIME_OUT, "/");
				  setcookie("user_name",$_SESSION['user_name'], time()+60*60*24*COOKIE_TIME_OUT, "/");
				   }
		  header("Location: myaccount.php");
		 }
		}
		else
		{
		//$msg = urlencode("Invalid Login. Please try again with correct user email and password. ");
		$err[] = "Invalid Login. Please try again with correct user email and password.";
		//header("Location: login.php?msg=$msg");
		}
	} else {
		$err[] = "Error - Invalid login. No such user exists";
	  }		
}

Then this code for manual login works:

Code:

$result = mysql_query("SELECT `id`,`pwd`,`full_name`,`approved`,`user_level` FROM users WHERE 
           $user_cond
			AND `banned` = '0'
			") or die (mysql_error()); 
$num = mysql_num_rows($result);

  // Exactly one matching row found - the user is authenticated. 
    if ( $num == 1 ) { 
	
	list($id,$pwd,$full_name,$approved,$user_level,$des,$dream,$uid) = mysql_fetch_row($result);
	
	if(!$approved) {
	//$msg = urlencode("Account not activated. Please check your email for activation code");
	$err[] = "Account not activated. Please check your email for activation code";
	
	//header("Location: login.php?msg=$msg");
	 //exit();
	 }
	 
		//check against salt
	if ($pwd === PwdHash($pass,substr($pwd,0,9))) { 
	if(empty($err)){			

     // this sets session and logs user in  
       session_start();
	   session_regenerate_id (true); //prevent against session fixation attacks.

	   // this sets variables in the session 
		$_SESSION['user_id']= $id;  
		$_SESSION['user_name'] = $full_name;
		$_SESSION['user_level'] = $user_level;
		$_SESSION['des'] = $des;
		$_SESSION['dream'] = $dream;
		$_SESSION['uid'] = $uid;
		$_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
		
		//update the timestamp and key for cookie
		$stamp = time();
		$ckey = GenKey();
		mysql_query("update users set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'") or die(mysql_error());
		
		//set a cookie 
		
	   if(isset($_POST['remember'])){
				  setcookie("user_id", $_SESSION['user_id'], time()+60*60*24*COOKIE_TIME_OUT, "/");
				  setcookie("user_key", sha1($ckey), time()+60*60*24*COOKIE_TIME_OUT, "/");
				  setcookie("user_name",$_SESSION['user_name'], time()+60*60*24*COOKIE_TIME_OUT, "/");
				   }
		  header("Location: myaccount.php");
		 }
		}
		else
		{
		//$msg = urlencode("Invalid Login. Please try again with correct user email and password. ");
		$err[] = "Invalid Login. Please try again with correct user email and password.";
		//header("Location: login.php?msg=$msg");
		}
	} else {
		$err[] = "Error - Invalid login. No such user exists";
	  }		

Which to me is strange :(

Re: Telling me syntax error..but there isn't! (I think)

Posted: Sun Sep 12, 2010 11:01 am
by AbraCadaver
What tasairis is getting at is the value of $user_cond. Before the query, echo $user_cond;
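
Added example, not part of any post in this thread: it prints the query text an empty $user_cond produces, then does the same lookup with a guard and a bound parameter so neither an empty condition nor a quote in the login can change the SQL. The helper names, the `user_email`/`user_name` columns and the in-memory SQLite table are assumptions, since the thread never shows how $user_cond is built.

```php
<?php
// Added example, not the poster's code. Schema, data and the way the
// condition is built are assumptions (the thread never shows $user_cond).

// Returns [SQL fragment, bound params], or null when there is nothing to match on.
function build_user_cond(string $login): ?array
{
    $login = trim($login);
    if ($login === '') {
        return null; // the case that leaves "WHERE  AND `banned` = '0'"
    }
    // Hypothetical column names; the value travels as a bound parameter.
    $column = strpos($login, '@') !== false ? 'user_email' : 'user_name';
    return ["$column = :login", [':login' => $login]];
}

function find_user(PDO $db, string $login): ?array
{
    $cond = build_user_cond($login);
    if ($cond === null) {
        return null; // never send a query whose WHERE clause is empty
    }
    [$where, $params] = $cond;
    $stmt = $db->prepare(
        "SELECT id, pwd, full_name, approved, user_level
           FROM users WHERE $where AND banned = 0"
    );
    $stmt->execute($params);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    return count($rows) === 1 ? $rows[0] : null; // comparison, not assignment
}

// Constructed in-memory table standing in for the MySQL users table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, user_name TEXT,
    user_email TEXT, pwd TEXT, full_name TEXT, approved INTEGER,
    user_level INTEGER, banned INTEGER)");
$db->exec("INSERT INTO users VALUES
    (1, 'bob', 'bob@example.test', 'x', 'Bob', 1, 1, 0)");

// The thread's query text when $user_cond is empty (printed, not executed):
$user_cond = '';
echo "SELECT ... FROM users WHERE $user_cond AND `banned` = '0'\n";

var_dump(find_user($db, 'bob@example.test')); // existing, unbanned user
var_dump(find_user($db, ''));                 // empty login
var_dump(find_user($db, "o'brien"));          // quote in input stays data
```

Runs from the PHP CLI (7.1 or later) with the pdo_sqlite extension enabled.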