I am having trouble with validation.
When I validate a user I'm getting errors with special characters in the username and password.
The error appears in $result = mysql_query($sql)
Username is similar to this: username@honeycombworldwide.com
Password is similar to this: password!
----
Code: Select all
$password = $_POST['password'];
$username = $_POST['username'];
$sql = "SELECT * FROM it_mem WHERE Mem_Email=".$username." AND Mem_Password=".$password;
$result = mysql_query($sql) or die (mysql_error());When I echo $result with $username and $password filters, i get this error:
Code: Select all
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@honeycombworldwide.com AND Mem_Password=password!' at line 1Code: Select all
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '!' at line 1--
Any idea? Thanks for looking