I've got a little trouble with a simple query. When I hard-code the values in the query it works, but when I use a PHP variable nothing is retrieved. I have double-checked several things, such as the query and the database. It is worth stating that I am obtaining the variables from the form by POST, and I have checked that I am getting them, but when I use them in the query they just don't work :S

Here's my code. Please, what am I doing wrong?


$email = $_POST['emailEnter'];
$password = $_POST['passwordEnter'];

$connection = mysql_connect('localhost','root','') ;

$db_selected = mysql_select_db("lab5" , $connection) ;

$query = 'select * From user where email="$email" and password="$password" ' ;
$result = mysql_query ($query , $connection);
        echo $row['name'];

You use single quotes for the query string. Single quotes don't substitute variables, so it searches for the literal string $email, not the value of the variable. Either use double quotes, or use something like PDO, which will do the work for you.

It's also wise to sanitize your inputs against SQL/XSS vulnerabilities.

The basic debugging steps are: 1. adding

if (!$result) echo "Error: ".mysql_error();

to see any errors in the SQL query, and 2. outputting

echo "Query: $query";

to see exactly what the variables contain. Either of these will show you the problem.

Also, you're totally vulnerable to SQL injection. You need to add

$email = mysql_real_escape_string($email);
$password = mysql_real_escape_string($password);

after fetching the values from the POST array.

Your error most likely lies in the fact that you don't escape your parameters.

While you are at it, use MySQLi or PDO (possibly even some prepared statements).

Someone pointed out your use of single quotes; that's the actual error, my bad.

But my advice still stands. Had you used prepared statements, you would not have fallen for this mistake.


$query = 'select * From user where email="' . $email . '" and password="'. $password . '" ' ;


$query = "select * From user where email='$email' and password='$password'" ;

Do this instead:

$query = "select * From user where email='" . $email . "' and password='" . $password . "'";

Then immediately change that to this instead:

$query = "select * From user where email='" . mysql_real_escape_string($email) . "' and password='" . mysql_real_escape_string($password) . "'";


$query = "SELECT * FROM user WHERE email = '".$email."' AND password = '".$password."'";

You've confused the double and single quotes


$query = 'select * From user where email="$email" and password="$password" ' ;

You want:

$query = "select * From user where email='$email' and password='$password' " ;

Single quotes evaluate to what is literally inside. Double quotes will parse for variables inside. There's also a curly brace syntax you should use.

The suggestions from other posters about using mysql_real_escape or the more recent mysqli or PDO are important too. At a minimum, use mysql_real_escape on parameters that come from user input.

The issue is how you are quoting the variables. Suppose that $email = 'some@gmail.com' and $password = 'securenot'.

What we want is for the final constructed string to be the following:

select * from user where email='some@gmail.com' and password='securenot'

To do this we just replace some@gmail.com with $email and securenot with $password and get the following:

select * from user where email='$email' and password='$password'

And then in PHP code ...

$query = "select * from user where email='$email' and password='$password'";

Hope that helps.
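
The three behaviours discussed in the answers above, side by side, as an added example that is not part of any post on this page. It assumes PDO with the SQLite driver is available; the in-memory database stands in for the MySQL `lab5` database, the input values are constructed samples, and `findUser` is a hypothetical helper name.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL "lab5" database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (name TEXT, email TEXT, password TEXT)');
$pdo->exec("INSERT INTO user VALUES ('Pat', 'pat.o''brien@example.com', 'securenot')");

// Constructed sample input, standing in for $_POST['emailEnter'] / $_POST['passwordEnter'].
$email    = "pat.o'brien@example.com";
$password = 'securenot';

// 1. Single-quoted PHP string: no interpolation, the SQL contains the literal text $email.
$literal = 'select * from user where email="$email" and password="$password"';
echo "single-quoted: $literal\n";

// 2. Double-quoted PHP string: variables are interpolated, but the apostrophe in the
//    input ends the SQL string literal early, so the input alters the statement itself.
$interpolated = "select * from user where email='$email' and password='$password'";
echo "double-quoted: $interpolated\n";
try {
    $pdo->query($interpolated);
} catch (PDOException $e) {
    echo "interpolated query failed: ", $e->getMessage(), "\n";
}

// 3. Prepared statement: the SQL text is fixed and the values travel separately,
//    so quoting inside the input cannot change the query.
function findUser(PDO $pdo, string $email, string $password): ?array
{
    $stmt = $pdo->prepare('SELECT name FROM user WHERE email = :email AND password = :password');
    $stmt->execute([':email' => $email, ':password' => $password]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$row = findUser($pdo, $email, $password);
echo "prepared: ", $row === null ? 'no match' : $row['name'], "\n";
```

Only the prepared statement both finds the row and keeps the input out of the SQL text; the same pattern works unchanged with PDO's MySQL driver.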