1

This is my code but on clicking Login button it shows error like this

Connection MaintainedError: select * from signup where username='abc' and password='1234'

if(isset($_POST['log'])){
$uname = $_POST['uname'];
$pass = $_POST['pass'];
$dbm = new MySQLi("localhost","root","","lsa");
    if($dbm->connect_errno > 0){
        die("Error".$dbm->connect_error);
        }
        var_dump($dbm);
        echo "Connection Maintained";
        $up = "update signup set username = concat(First_name, ' ' , Last_Name)";
        $qm="select * from signup where username='$uname' and password='$pass'";
        if ($dbm->query($qm) === TRUE) {
            echo "New record created successfully";
            } else {
                echo "Error: " . $qm . "<br>" . $dbm->error;
                }   

$dbm->close();

here is my login form code*

<form action="Admin.php" method="post">
<fieldset style="text-align:center; margin-left:2%; margin-top:9%; margin-right:10%">
<legend style="text-align:start; font-family:'Palatino Linotype', 'Book Antiqua', Palatino, serif; color:#FFF; font-size:36px">Login
</legend>
<br /><input type="text" placeholder=" Username" name="uname" title="Your First Name" style="height:25px; width:200px" required="required"  /><br /><br />
<input type="password" placeholder=" Password" name="pass" style="height:25px; width:200px" required="required" /><br /><br />
<input type="submit" value="Login" name="log" style=" border-radius:50%; border-color:#FFF; width:100px" />
<br />
<br />
</fieldset>
</form>
chris85
  • 23,846
  • 7
  • 34
  • 51
Farwa Ansari
  • 75
  • 8
  • 1
    Before we go any further, your code in its present form is highly susceptible to SQL Injection attacks. Read http://php.net/manual/en/security.database.sql-injection.php – Ragdata Sep 13 '15 at 22:25
  • Also, the use of inline styles is discouraged. – user2182349 Sep 13 '15 at 22:27
  • Possible duplicate of [MySQL select with CONCAT condition](http://stackoverflow.com/questions/5734570/mysql-select-with-concat-condition) – Ragdata Sep 13 '15 at 22:31

1 Answers1

0

Quote from php.net about the return value of mysqli::query:

Returns FALSE on failure. For successful SELECT, SHOW, DESCRIBE or EXPLAIN queries mysqli_query() will return a mysqli_result object. For other successful queries mysqli_query() will return TRUE.

So line 12 is a problem. That's prob. why you are getting an error (at least one option, check out http://php.net/manual/en/mysqli.query.php)

But that is not the answer to the title of the question, If you are trying to concat data in the database and compare the data to more data that's in the database then use a subquery (https://dev.mysql.com/doc/refman/5.0/en/subqueries.html)

Edit:

Also, and this is only a suspicion of mine, when you echo after the fail of the query you are not getting an error code/str ($dbm->error) that may be because their is no error and $dbm->error is NULL

Edit 2: It seems that you are not using $up at all in the code, am I wrong?

0xGiddi
  • 404
  • 2
  • 12