
PHP How can I do multiple where conditions?

This is my current code for taking a user log in:

<?php
$uName = "";
$uNameMsg = "";
$pWord = "";
$pWordMsg = "";

if(isset($_POST["submit"])){
    $uName = $_POST["username"];
    if (empty($uName)) {
        $uNameMsg = "please enter a username<br/>";
    }

    $pWord = $_POST["password"];
    if (empty($pWord)) {
        $pWordMsg = "please enter a password<br/>";
    }
}

?>

//form goes here

<?php
    require_once("conn.php");
    $sql = "SELECT username, password FROM customers
            WHERE username = $uName 
            AND password = $pWord";
    $results = mysqli_query($conn, $sql)
    or die ('Problem with query' . mysqli_error($conn));
    if (mysqli_num_rows($results) < 1) {
        echo "invalid username and password";
    } else {
        echo "query success, redirect header goes here";
    }
?>

I get a syntax error saying that the 'AND password =' clause is wrong, and then it says that the error is located at line 3, my tag, while the 'AND password =' is in line 75.

This is the start of my code from line 1:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <title>Customer Login</title>
    <link rel="stylesheet" href="customerlogin.css">
</head>

You can use this. This is definitely going to work:

$sql = "SELECT username, password FROM customers
            WHERE username = '$uName' 
            AND password = '$pWord'";

Your variable string concatenation is wrong in the SQL statement. Try the one below instead of your query code line:

$sql = "SELECT username, password FROM customers
            WHERE username = '".$uName."'
            AND password = '".$pWord."'";

Change your query like this:

$sql = "SELECT username, password FROM customers WHERE username = '$uName' AND password = '$pWord'";

When you pass a string value, you should wrap it in quotes.

Change your query in PHP as follows:

$sql = "SELECT username, password FROM customers 
        WHERE username = '{$uName}'  
        AND password = '{$pWord}'";

I assume username is a string, so it needs to be passed as a string using ''.

You missed the quotes ' around the values. You can use only numbers without quotes as values; strings should be quoted. Your query is vulnerable to SQL injection, so either escape your fields or use PDO. See the code below for escaping the fields.

$pWord = $conn->real_escape_string($pWord);
$uName = $conn->real_escape_string($uName);
$sql = "SELECT username, password FROM customers
        WHERE username = '$uName'
        AND password = '$pWord'"; 
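
The "escape your fields or use PDO" advice in the last answer, shown as an added example (not code from any poster on this page): a PDO prepared statement binds the username as data, and, going one step beyond the page, the stored password is a hash checked with password_verify() instead of being compared in the WHERE clause. The in-memory SQLite database, the sample account and the function names makeDemoDb and checkLogin are assumptions made so the snippet runs offline.

```php
<?php
// Added example with constructed data. SQLite in memory stands in for the
// MySQL `customers` table; only the DSN changes for a real MySQL server.
declare(strict_types=1);

function makeDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE customers (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

    // Constructed sample account. The column holds a hash, not the password.
    $insert = $pdo->prepare('INSERT INTO customers (username, password) VALUES (:u, :p)');
    $insert->execute([
        ':u' => "o'brien",
        ':p' => password_hash('correct horse', PASSWORD_DEFAULT),
    ]);
    return $pdo;
}

function checkLogin(PDO $pdo, string $uName, string $pWord): bool
{
    // The bound value travels separately from the SQL text, so a quote in
    // $uName can neither cause a syntax error nor alter the query.
    $stmt = $pdo->prepare('SELECT password FROM customers WHERE username = :u');
    $stmt->execute([':u' => $uName]);
    $hash = $stmt->fetchColumn(); // false when no such user exists

    // Same failure result for "unknown user" and "wrong password".
    return is_string($hash) && password_verify($pWord, $hash);
}

$pdo = makeDemoDb();

// Valid login: the apostrophe in the username needs no manual quoting.
var_dump(checkLogin($pdo, "o'brien", 'correct horse'));

// Wrong password for an existing user.
var_dump(checkLogin($pdo, "o'brien", 'wrong'));

// Constructed quote-laden input: compared as a literal username, matches nothing.
var_dump(checkLogin($pdo, "' OR '1'='1", "' OR '1'='1"));
```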
