Page 1 of 1

TSTRING PROBLEM! i come from sweden..

Posted: Wed Feb 19, 2003 11:34 am
by ogge92
Before you read the other text:
i come from sweden so i may not write everything so good

The problem is that my code shows the message:
T_STRING in c:\program\easyphp\www\sidan\login\check.php on line 12

in this code:

Code: Select all

&#1111;php]<?php 
session_start(); 
$username=$_POST&#1111;'username']; 
$password=$_POST&#1111;'password']; 
$open = mysql_connect("localhost", "gefan", "gefan"); 
mysql_select_db("users", $open); 
$sql = "SELECT id FROM users WHERE username='$username' AND password='$password'"; 
$result = mysql_query($sql); 
if (mysql_num_rows($result) == 0) &#123; 
  header("Location: /sidan/login/wrong.php"); 
  exit; 
&#125; 
else &#123; 
$connect = mysql_connect("localhost", "imitt", lösenord"); 
mysql_select_db("users", $connect); 
mysql_query("UPDATE users SET senast=now(),antalbesok=antalbesok+1 WHERE username='$username'"); 
  $_SESSION&#1111;'id'] = mysql_result($result, 0); 
  $_SESSION&#1111;'username'] = $_POST&#1111;'username'];  
  header("Location: /sidan/start/index.php"); 
  exit; 
&#125; 
?>
?>&#1111;/php]
what is my problem?
?>

Posted: Wed Feb 19, 2003 3:24 pm
by RedDragon
the only thing i could imagine would be that $password or $username contain invalid characters such as ' or " which would kill the query syntax:

example:

$username = "''John''";
$sql = "SELECT id FROM users WHERE username='$username'

this would be parsed as
$sql = "SELECT id FROM users WHERE username=''John'';
which is not valid syntax...


hope you understood me :P

Posted: Wed Feb 19, 2003 3:42 pm
by Stoker
its obveious; You're sweedish!
:wink: I'm Norwegian so it's mandatory to pick on sweedes.. :D

in
$connect = mysql_connect("localhost", "imitt", lösenord");
you are missing a quote before the password..