I have the following query:
$select_query = "SELECT * FROM users WHERE userName='$user_name', password='$password'";
The problem is that the query always fail, so how can I fix the 'WHERE' condition?
Asked
Active
Viewed 127 times
-1
Nave Tseva
- 868
- 8
- 24
- 47
-
1You're looking for `AND` instead of a comma. – Mike Aug 09 '13 at 17:35
3 Answers
4
You need to use AND
$select_query = "SELECT * FROM users WHERE userName='$user_name' AND password='$password'";
cmorrissey
- 8,493
- 2
- 23
- 27
1
You'll need boolean logic for it:
$select_query = "SELECT * FROM users WHERE userName='$user_name' AND password='$password'";
Of course, this assumes you want the username and password to match. If you want either to match, you should use OR. This is all quite basic database stuff. Please read the documentation or get yourself a good book.
Bart Friederichs
- 33,050
- 15
- 95
- 195
0
you need to use AND to separate your conditions.
where username ='$user_name' and password='$password'
Also, be aware that coding this way may make you vulnerable to SQL injection bugs/attacks.
Steven Mastandrea
- 2,752
- 20
- 26
-
Well, it is possible that $user_name and $password have been screened and any other characters escaped out. As a matter of good practice, though, I would not recommend relying on that assumption. – Steven Mastandrea Aug 09 '13 at 17:38
-
I wouldn't jump to conclusions though. There is nothing inherently vulnerable in the one line of code provided. We could also probably mention that the OP shouldn't be storing passwords in plain text either, but again, we would be jumping to conclusions. – Mike Aug 09 '13 at 17:41
-
It's a good practice to jump to security related conclusions, point out the possible problem and actually verify that the problem does not exist, instead of assuming that the problem does not exist and do nothing about it. – Sven Aug 09 '13 at 17:46