A select Statement using "AND"

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

User avatar
Love_Daddy
Forum Commoner
Posts: 61
Joined: Wed Jul 10, 2002 6:55 am
Location: South Africa
Contact:

A select Statement using "AND"

Post by Love_Daddy »

Hi All,

I wrote an SQL statement and it gives me an error.

The statement is like this:

$SQL = "Select * from users where emp_no = $emp_no AND password = '$password' ";

And I get the following error:

Warning: PostgreSQL query failed: ERROR: parser: parse error at or near "AND"
in /var/www/html/Voffice/login.php on line 23

Line 23 =
$results = pg_exec($conn,$SQL);

What could be the problem since I need to use both the username and password to authenticate.
And when I use only the emp_no, is works fine.
User avatar
mikeq
Forum Regular
Posts: 512
Joined: Fri May 03, 2002 3:33 am
Location: Edinburgh, Scotland

Post by mikeq »

Try taking the space away after the single quote

...= '$password' ";

should be

...= '$password'";

perhaps :?:
User avatar
Love_Daddy
Forum Commoner
Posts: 61
Joined: Wed Jul 10, 2002 6:55 am
Location: South Africa
Contact:

Post by Love_Daddy »

Thanks, But how do I make sure that my username and password doesn't show on the
URL location?
Can anyone show me a basic script of using sessions, for I've tried reading them and I don't
understand.
So Could I get a basic script explaining them from top to bottom please?
And how will I see that if the session registered?
User avatar
sjunghare
Forum Newbie
Posts: 16
Joined: Tue Sep 03, 2002 6:22 am
Location: Pune

Post by sjunghare »

Session registered ??? Will that query runs ? You may try as follow

Code: Select all

$SQL = "SELECT * from users where (emp_no = $emp_no AND password = '$password')";

Sachin Junghare
________________________

Post Your Question with full decription !!!!

?>
User avatar
Love_Daddy
Forum Commoner
Posts: 61
Joined: Wed Jul 10, 2002 6:55 am
Location: South Africa
Contact:

Post by Love_Daddy »

Thanks it looks fine.
User avatar
9902468
Forum Commoner
Posts: 89
Joined: Thu Jun 06, 2002 6:39 am
Location: Europe

Post by 9902468 »

Basic sessions are pretty easy. Just call session_start() at the start of the page and session is available. Now you can save session variable like this:

$_SESSION ["user_pswd"] = $user_pswd;

And it stays in the memory as long as user keeps her/his browser open. So, you can do like this from any given page that the user opens during that session.

print($_SESSION["user_pswd"]); and the contents that originally was in $user_pswd is printed out.

Sometimes users get confused like "How can I tell whos password is saved to $_SESSION["user_pswd"]"? You can't. Period. PHP takes care of that. (Actually I guess that you can if you read the session file from the harddisk... and examine that...) Anyhow 100's of users could be using that same page and same script at the same time, and php would still keep count that variables wouldn't be mixed between users, so don't worry about that.

If you want to delete session variable you can say

unset ($_SESSION["user_pswd"]);

or empty whole session:

unset ($_SESSION);

This was the quick&dirty crash course to sessions.... so if you do something important remember to learn more yourself.

NOTE! You can't save/read session variables before session_start is called. (Unless php.ini has been configured to do so.)

--9902468
Last edited by 9902468 on Mon Sep 09, 2002 7:46 am, edited 1 time in total.
DSM
Forum Contributor
Posts: 101
Joined: Thu May 02, 2002 11:51 am
Location: New Mexico, USA

Post by DSM »

Code: Select all

<?php $SQL = "SELECT * from users where (emp_no = $emp_no AND password = '$password')";  ?>
this needs to be quoted.

Code: Select all

<?php  $emp_no  ?>

Code: Select all

<?php  '$emp_no'  ?>
User avatar
Takuma
Forum Regular
Posts: 931
Joined: Sun Aug 04, 2002 10:24 am
Location: UK
Contact:

Post by Takuma »

$SQL = "Select * from users where emp_no = '$emp_no' AND password = '$password'";
Coco
Forum Contributor
Posts: 339
Joined: Sat Sep 07, 2002 5:28 am
Location: Leeds, UK
Contact:

Post by Coco »

i thought that depended on whether the variable was a string or an int?
User avatar
mikeq
Forum Regular
Posts: 512
Joined: Fri May 03, 2002 3:33 am
Location: Edinburgh, Scotland

Post by mikeq »

It does Coco, and if everyone else had read his first post properly you would see that he said
And when I use only the emp_no, is works fine.
so it was only an error after he added the 'AND password = '$password' ";' part. Therefore it mus be an error with that part.
Coco
Forum Contributor
Posts: 339
Joined: Sat Sep 07, 2002 5:28 am
Location: Leeds, UK
Contact:

Post by Coco »

Love_Daddy wrote:Thanks, But how do I make sure that my username and password doesn't show on the
URL location?
use POST?
not as secure as sessions but better than GET
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

I would use sessions since guessing URL's for pages that are not directly linked to the site is pretty easy.
User avatar
Love_Daddy
Forum Commoner
Posts: 61
Joined: Wed Jul 10, 2002 6:55 am
Location: South Africa
Contact:

Post by Love_Daddy »

Thankl you guys..
I've used "Post" Method and everything works fine.
And I'm still learning sessions and thanks for the sessions crash course.

Will keep in touch of any developments.
User avatar
mikeq
Forum Regular
Posts: 512
Joined: Fri May 03, 2002 3:33 am
Location: Edinburgh, Scotland

Post by mikeq »

Did you fix your select statement, if so how?
User avatar
Takuma
Forum Regular
Posts: 931
Joined: Sun Aug 04, 2002 10:24 am
Location: UK
Contact:

Post by Takuma »

Does INT or STRING matter in MySQL query?
Post Reply