When I do the following code, the result doesn't look right: (I rewrote the true password below with a fake one.)
Code: Select all
$sql = "SELECT client_no, access_level, logo_file, main_page, last_login, audit_year, active_client,
email_address FROM $table_name WHERE login_id='$myusername' and
login_password=aes_encrypt('$mypassword', 'bubbagump')";
print("<br/>");
print($sql);
print("<br/>");
SELECT client_no, access_level, logo_file, main_page, last_login, audit_year, active_client, email_address FROM logins WHERE login_id='' and login_password=aes_encrypt('', 'bubbagump')
It looks like the two single quotes around $myusername came together because the rendered value wasn't there. So, it appears as if you have WHERE login_id='' is double quotes, but it must be single quotes.
Notice that after
WHERE login_id=''
that there is just nothing. I have checked to see if the variable $myusername has picked up the POST myusername and it has, so this should absolutely work. It isn't working, and I get "Wrong Username or Password". However, the same exact code is used on our production website and it works just fine.