Code Igniter problem, Getting a simple SQL error, what am I doing wrong?
Question
I am following this tutorial series to learn to make a login script. Ive done the entire tutorial, but I Keep getting thrown this error.
I am using CodeIgniter Framework 2.02
This is the error I am getting:
A Database Error Occurred
Error Number: 1054
Unknown column 'anil' in 'where clause'
SELECT user_id FROM users WHERE username = anil AND password = password
Filename: D:\xampp\htdocs\c_login\system\database\DB_driver.php
Line Number: 330<
Here is the function in my model doing the SQL:
function check_login($username, $password)
{
$sha1_password = sha1($password);
// The Guy uses ' ? ' in the video for the below statement and it works
// I tried replacing ? with $username & $password, but it didnt work..
// When I use the ?, I think it does query the DB, but I get the error
// Incorrect Username or Password, Even though it is correct.
// I only have 1 record on my DB, db = c_login, table=users
// Fields are user_id username password email name
$query_str = "SELECT user_id FROM users WHERE username = ? AND password = ?";
$result = $this->db->query($query_str, $username, $sha1_password);
if($result->num_rows() == 1)
{
return $result->row[0]->user_id;
}
else
{
return false;
}
}
Also, if needed, here is my login function in my controller..
public function login()
{
$this->form_validation->set_rules('username', 'Username', 'required|trim|max_length[50]|xss_clean');
$this->form_validation->set_rules('password', 'Password', 'required|trim|max_length[50]|xss_clean');
// If form_validation has NOT been run, load the view login form
if($this->form_validation->run() == FALSE)
{
$this->load->view('view_login');
}
else // Else process login
{
// Process input and login
$username = $this->input->post('username');
$password = $this->input->post('password');
$user_id = $this->User_model->check_login($username, $password);
if( ! $user_id)
{
// Login Failed Error
$this->session->set_flashdata('login_error', TRUE);
redirect('user/login');
}
else
{
// Log them in
$this->session->set_userdata(array(
'logged_in' => TRUE,
'user_id' => $user_id
));
redirect('user/main_page');
}
}
}
So basically, It keeps saying Incorrect Username or Password if I use the Question marks in the SQL query, but if I replace them with the variables $username & $password, I get the error in the first block of code. Error Number: 1054, What am I doing wrong? I could swear its something so simple...
3 answers
solution1
2 2011-06-11 19:50:10
this
SELECT user_id FROM users WHERE username = anil AND password = password
would probably be fixed by using an ' :
SELECT user_id FROM users WHERE username = 'anil' AND password = 'password'
Like this it gets parsed as a string, not as a column name.
solution2
2 ACCPTED 2011-06-11 23:31:29
Try taking advantage of the Active Record and do the following (verbose version for clarity):
function check_login($username, $password)
{
$sha1_password = sha1($password);
$this->db->select('user_id');
$this->db->where('username', $username);
$this->db->where('password', $sha1_password);
$result = $this->db->get('users');
if($result->num_rows() == 1)
{
$row = $result->row();
return $row->user_id;
}
else
{
return false;
}
}
Data is automatically escaped so you don't need to worry about that. In controller, rewrite this part to:
if($user_id == FALSE)
{
$this->session->set_flashdata('login_error', TRUE);
redirect('user/login', 'refresh');
}
else
{
$this->session->set_userdata(array(
'logged_in' => TRUE,
'user_id' => $user_id
));
redirect('user/main_page', 'refresh');
}
solution3
1 2011-06-11 19:55:08
Fix your query bindings:
$result = $this->db->query($query_str, array($username, $sha1_password));
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.