Darko Borojevic Darko Borojevic - 1 month ago 18
MySQL Question

SQL php vars syntax error

I need help with following part of login php script:

$name = mysqli_real_escape_string($connection, $_POST["login"]);
$password = mysqli_real_escape_string($connection, $_POST["password"]);

$sql = "SELECT FROM usersdata WHERE user_password = $password AND user_name = $name";


The server is giving me following error:


"You have an error in your SQL syntax; check the manual that
corresponds to your MariaDB server version for the right syntax to use
near 'FROM usersdata WHERE user_password = something AND user_name =
something' at line 1".


Obviously there is a error with writing php variables in query string such as they are, but I dont know exactly how i should contecate them. Its ridiciolous how SQL queries can be sometimes so frustrating when everything else is working perfectly.

Answer

You forgot the columns or * in the query. It should be :

$sql = "SELECT * FROM usersdata WHERE user_password = $password AND user_name = $name"; 

Also use prepared statements. http://php.net/manual/en/mysqli.quickstart.prepared-statements.php

Comments