Page 1 of 1

Query issues using AND

Posted: Tue Nov 06, 2007 10:49 pm
by johnnymac131
I need to write the following in php code: the variables are varchar

Code: Select all

Select * FROM users WHERE username = $username AND password = $password

Code: Select all

$query = "SELECT * FROM users WHERE username='" . mysql_real_escape_string($username) . "'";

Posted: Wed Nov 07, 2007 5:04 am
by Rovas
Check the result from mysql_real_escape_string.

Posted: Wed Nov 07, 2007 5:16 am
by aceconcepts
Why dont you use mysql_real_escape_string before your query?

Posted: Wed Nov 07, 2007 6:59 am
by johnnymac131
It works but i dont know how to add the "AND" part after the query

Posted: Wed Nov 07, 2007 7:16 am
by aceconcepts

Code: Select all

$query = sprintf("SELECT * FROM users WHERE username='%s' AND password='$password'", mysql_real_escape_string($username));
Password encryption would be a good idea if not already done (MD5 etc...)