Something wrong about an sql statement in php
Posted: Fri Dec 23, 2005 4:49 pm
Hi. I can not understand what is wrong with this statement. I looked at once, twice and lots of times...
The query:
$query = "Select sname from users where username = $uname AND passwd = $pass";
is wrong. But its not wrong due to the grammar of sql. Can anybody show me a way? Thanks for your helps...
Code: Select all
<?php
session_start();
$link = mysql_connect('localhost', 'root')
or die('Could not connect: ' . mysql_error());
mysql_select_db('cse343') or die('Could not select database');
$uname = $_POST['user_name'];
$pass = $_POST['password'];
$_SESSION['username'] = $uname;
$check = check_authentication ($username, $password);
if ( $check )
{
echo "<a href=\"modify_e.php?id=$uname\">insert or update or delete EDUCATION table</a><br />";
echo "<a href=\"modify_j.php?id=$uname\">insert or update or delete JOB table</a><br />";
echo "<a href=\"cv.php?id=$uname\">view CV </a><br />";
}
else
{
echo "The username and password is wrong";
}
function check_authentication($username,$password)
{
$query = "Select sname from users where username = $uname AND passwd = $pass";
$result = mysql_query($query);
$row = mysql_num_rows($result);
if ($row==1)
{
return true;
}
else
{
return false;
}
}
?>The query:
$query = "Select sname from users where username = $uname AND passwd = $pass";
is wrong. But its not wrong due to the grammar of sql. Can anybody show me a way? Thanks for your helps...