-
johnnymac131
- Forum Newbie
- Posts: 11
- Joined: Sun Oct 28, 2007 11:51 am
I need to write the following in PHP code: the variables are varchar
Code:
Select * FROM users WHERE username = $username AND password = $password
Code:
$query = "SELECT * FROM users WHERE username='" . mysql_real_escape_string($username) . "'";
-
Rovas
- Forum Contributor
- Posts: 272
- Joined: Mon Aug 21, 2006 7:09 am
- Location: Romania
Check the result from mysql_real_escape_string.
-
aceconcepts
- DevNet Resident
- Posts: 1424
- Joined: Mon Feb 06, 2006 11:26 am
- Location: London
Why don't you use mysql_real_escape_string before your query?
-
johnnymac131
- Forum Newbie
- Posts: 11
- Joined: Sun Oct 28, 2007 11:51 am
It works, but I don't know how to add the "AND" part after the query.
-
aceconcepts
- DevNet Resident
- Posts: 1424
- Joined: Mon Feb 06, 2006 11:26 am
- Location: London
Code:
// Both user-supplied values are escaped before being placed in the query.
$query = sprintf("SELECT * FROM users WHERE username='%s' AND password='%s'", mysql_real_escape_string($username), mysql_real_escape_string($password));
Password encryption would be a good idea if not already done (MD5 etc...)
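The same login check written with a bound parameter and a password hash, as an added example that is not part of the thread or any poster's code. It assumes PDO with an in-memory SQLite database in place of MySQL so it runs offline, and PHP's password_hash()/password_verify() in place of MD5; the table, the sample account and the function names are constructed.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO is available and an
// in-memory SQLite database stands in for MySQL so the script runs offline;
// the table layout and the sample account are constructed.

// Hash checked when the username is unknown, so both paths do similar work.
define('DUMMY_HASH', password_hash('unused', PASSWORD_DEFAULT));

function find_user(PDO $db, string $username): ?array
{
    // The value is bound to the placeholder instead of being pasted
    // into the SQL string.
    $stmt = $db->prepare('SELECT username, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function check_login(PDO $db, string $username, string $password): bool
{
    // A salted hash cannot be matched with "AND password = ...": look the row
    // up by username, then verify the password in PHP.
    $user = find_user($db, $username);
    $ok = password_verify($password, $user['password_hash'] ?? DUMMY_HASH);
    return $user !== null && $ok;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
$ins->execute([':u' => "o'brien", ':h' => password_hash("p%s'w0rd", PASSWORD_DEFAULT)]);

// Constructed cases: [username, password, expected result].
$cases = [
    ["o'brien", "p%s'w0rd", true],   // quote and % are plain data here
    ["o'brien", 'wrong', false],
    ['nobody', "p%s'w0rd", false],
];
foreach ($cases as [$u, $p, $want]) {
    $got = check_login($db, $u, $p);
    printf("%-8s %-9s %s\n", $u, $p, $got === $want ? 'ok' : 'MISMATCH');
}
```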