0 
<form action = "index.php" method = "post">
username : <input type = "text" name = "uname" /><br>
password : <input type = "text" name = "pass" /><br>
submit : <input type = "submit" name = "submit" value = "submit" />
</form>

<?php
if(isset($_SESSION['id'])){echo $_SESSION['id'];}
if(isset($_POST['submit'])){
if ($_POST['submit'] == 'submit'){

$uname = $_POST['uname'];
$pass = $_POST['pass'];
$db = "davidedwardcakes";
$connect = mysql_connect('localhost', 'root', 'wtfiwwu');
$db_connect = mysql_selectdb($db, $connect);
if(!$db_connect){echo 'no';}

$query = "SELECT * FROM `users` WHERE uname ='$uname' AND pass = '$pass'";
$result = mysql_query($query, $connect);
if(mysql_num_rows($result) > 0){//echo 'index failed'; var_dump($result);}
while($row = mysql_fetch_array($result)){echo $row['uname']
 . "<br>";

session_start();
echo '<a href = "test.php">peruse</a>';
$_SESSION['id'] = $row['id'];}}

else{echo 'lol'; var_dump($query);}}

Whenever I want to login, i get the error: string 'SELECT * FROM users WHERE uname ='brown' AND pass = 'kenji'' (length=61)

meaning that theres a problem with my $query. If I remove the $pass query from $query it works fine but doesn't when it is included. Can anybody help please.

Improve this question
11
  • Huh? Why does that mean there's a problem with your query? That's your var_dump code. Commented May 14, 2014 at 10:51
  • 1
    That's not an error. That's your var_dump($query); code. Commented May 14, 2014 at 10:51
  • 3
    1. Don't store passwords as plain text. 2. Don't use mysql_* functions; they're deprecated. 3. Your code is wide open to SQL injection... Commented May 14, 2014 at 10:51
  • If you really had a SQL syntax error (as the question title states) the query would not even run. Commented May 14, 2014 at 10:52
  • remove var_dump($query) from your code. Commented May 14, 2014 at 10:52

4 Answers 4

Reset to default
1

There's nothing wrong with your query, but there is something wrong with your error reporting. For example, the following line:

if(mysql_num_rows($result) > 0){//echo 'index failed'; var_dump($result);}

Will dump the $result variable when the SQL query returns at least 1 row. Perhaps you meant to use:

if(mysql_num_rows($result) < 1) { echo 'index failed'; var_dump($result); }

Also, some notes of caution:

  1. Don't store passwords as plain text. http://alias.io/2010/01/store-passwords-safely-with-php-and-mysql/
  2. Don't use mysql_* functions; they're deprecated. Look at PDO or MySQLi.
  3. Your code is wide open to SQL injection.
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

change it 

mysql_selectdb($db, $connect);

as 

mysql_select_db($db, $connect);
Improve this answer

3 Comments

according your code connection not create so no query was run
Why? If his DB connection does not work, he'd get no: if(!$db_connect){echo 'no';}
@BenM : You will try i think you will get no : statement. according to my knowlage
0

There is a error in the syntax

$result = mysql_select($query, $connect);

Instead of the above code replace with this code

$result = mysql_select_db($query, $connect);
Improve this answer

Comments

0

If there is some error in your Syntax , Try to use

mysql_num_rows($result) or die('Could not Show result: ' . mysql_error());
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.