Page 1 of 2

A select Statement using "AND"

Posted: Mon Sep 09, 2002 5:10 am
by Love_Daddy
Hi All,

I wrote an SQL statement and it gives me an error.

The statement is like this:

$SQL = "Select * from users where emp_no = $emp_no AND password = '$password' ";

And I get the following error:

Warning: PostgreSQL query failed: ERROR: parser: parse error at or near "AND"
in /var/www/html/Voffice/login.php on line 23

Line 23 =
$results = pg_exec($conn,$SQL);

What could be the problem since I need to use both the username and password to authenticate.
And when I use only the emp_no, is works fine.

Posted: Mon Sep 09, 2002 6:05 am
by mikeq
Try taking the space away after the single quote

...= '$password' ";

should be

...= '$password'";

perhaps :?:

Posted: Mon Sep 09, 2002 6:15 am
by Love_Daddy
Thanks, But how do I make sure that my username and password doesn't show on the
URL location?
Can anyone show me a basic script of using sessions, for I've tried reading them and I don't
understand.
So Could I get a basic script explaining them from top to bottom please?
And how will I see that if the session registered?

Posted: Mon Sep 09, 2002 6:28 am
by sjunghare
Session registered ??? Will that query runs ? You may try as follow

Code: Select all

$SQL = "SELECT * from users where (emp_no = $emp_no AND password = '$password')";

Sachin Junghare
________________________

Post Your Question with full decription !!!!

?>

Posted: Mon Sep 09, 2002 6:35 am
by Love_Daddy
Thanks it looks fine.

Posted: Mon Sep 09, 2002 7:43 am
by 9902468
Basic sessions are pretty easy. Just call session_start() at the start of the page and session is available. Now you can save session variable like this:

$_SESSION ["user_pswd"] = $user_pswd;

And it stays in the memory as long as user keeps her/his browser open. So, you can do like this from any given page that the user opens during that session.

print($_SESSION["user_pswd"]); and the contents that originally was in $user_pswd is printed out.

Sometimes users get confused like "How can I tell whos password is saved to $_SESSION["user_pswd"]"? You can't. Period. PHP takes care of that. (Actually I guess that you can if you read the session file from the harddisk... and examine that...) Anyhow 100's of users could be using that same page and same script at the same time, and php would still keep count that variables wouldn't be mixed between users, so don't worry about that.

If you want to delete session variable you can say

unset ($_SESSION["user_pswd"]);

or empty whole session:

unset ($_SESSION);

This was the quick&dirty crash course to sessions.... so if you do something important remember to learn more yourself.

NOTE! You can't save/read session variables before session_start is called. (Unless php.ini has been configured to do so.)

--9902468

Posted: Mon Sep 09, 2002 7:43 am
by DSM

Code: Select all

<?php $SQL = "SELECT * from users where (emp_no = $emp_no AND password = '$password')";  ?>
this needs to be quoted.

Code: Select all

<?php  $emp_no  ?>

Code: Select all

<?php  '$emp_no'  ?>

Posted: Mon Sep 09, 2002 7:48 am
by Takuma
$SQL = "Select * from users where emp_no = '$emp_no' AND password = '$password'";

Posted: Mon Sep 09, 2002 7:58 am
by Coco
i thought that depended on whether the variable was a string or an int?

Posted: Mon Sep 09, 2002 8:17 am
by mikeq
It does Coco, and if everyone else had read his first post properly you would see that he said
And when I use only the emp_no, is works fine.
so it was only an error after he added the 'AND password = '$password' ";' part. Therefore it mus be an error with that part.

Posted: Mon Sep 09, 2002 8:25 am
by Coco
Love_Daddy wrote:Thanks, But how do I make sure that my username and password doesn't show on the
URL location?
use POST?
not as secure as sessions but better than GET

Posted: Mon Sep 09, 2002 9:18 am
by m3mn0n
I would use sessions since guessing URL's for pages that are not directly linked to the site is pretty easy.

Posted: Tue Sep 10, 2002 1:42 am
by Love_Daddy
Thankl you guys..
I've used "Post" Method and everything works fine.
And I'm still learning sessions and thanks for the sessions crash course.

Will keep in touch of any developments.

Posted: Tue Sep 10, 2002 5:07 am
by mikeq
Did you fix your select statement, if so how?

Posted: Tue Sep 10, 2002 5:08 am
by Takuma
Does INT or STRING matter in MySQL query?