Posted by Tom Rogers on 10/20/01 11:16
Hi,
Wednesday, May 18, 2005, 4:27:34 PM, you wrote:
MS> Hi All,
MS> the below code generates this error,
MS> Unknown column 'peterspeters' in 'where clause'
MS> mysql_select_db("status", $db);
MS> $username = $_POST["username"];
MS> $password = $_POST["password"];
MS> $result = mysql_query("SELECT customer_id FROM Customers WHERE
MS> customer_username = $username AND customer_password = $password") or die
MS> (mysql_error());
MS> $myrow = mysql_fetch_row($result);
MS> $customer_id = $myrow[0];
MS> $_SESSION['customer_id'] = $customer_id;
MS> ?>
MS> </head>
MS> <body>
MS> <?php
MS> echo 'SQL Query: '.$result.'<br>';
MS> echo "CustomerID = $customer_id";
MS> ?>
MS> Cheers.
MS> Mark Sargent.
You need to put the variables in single quotes, otherwise MySQL treats
them as column names. You should also escape the strings to be safe if
magic_quotes are turned off in php.ini.
A bit like this:
mysql_select_db("status", $db);
$username = mysql_escape_string($_POST["username"]);
$password = mysql_escape_string($_POST["password"]);
$result = mysql_query("
SELECT customer_id
FROM Customers
WHERE customer_username = '$username'
AND customer_password = '$password'") or die (mysql_error());
$myrow = mysql_fetch_row($result);
$customer_id = $myrow[0];
$_SESSION['customer_id'] = $customer_id;
--
regards,
Tom
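
The quoting problem discussed in this thread, as an added example that is not part of the original messages: it reproduces the unquoted-value error and then runs the same lookup with bound parameters, which need neither quoting nor escaping. Assumptions: PDO with the pdo_sqlite driver and an in-memory database so it runs without a MySQL server, a hypothetical `find_customer()` helper, and constructed sample rows.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with the
// pdo_sqlite driver, an in-memory database, constructed sample rows.
// Against MySQL only the DSN passed to new PDO() changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Customers (
    customer_id INTEGER PRIMARY KEY,
    customer_username TEXT,
    customer_password TEXT)');
// Plaintext passwords only mirror the thread's query; a real table
// would store password_hash() output and check it with password_verify().
$pdo->exec("INSERT INTO Customers VALUES
    (1, 'peters', 'peters'), (2, 'o''brien', 'secret')");

// Hypothetical helper: the values are bound, so they never become SQL text.
function find_customer(PDO $pdo, string $username, string $password): ?int
{
    $stmt = $pdo->prepare(
        'SELECT customer_id FROM Customers
          WHERE customer_username = :u AND customer_password = :p');
    $stmt->execute([':u' => $username, ':p' => $password]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// 1. The original problem: an unquoted value is parsed as a column name.
try {
    $pdo->query('SELECT customer_id FROM Customers WHERE customer_username = peters');
} catch (PDOException $e) {
    echo "unquoted value: ", $e->getMessage(), "\n";
}

// 2. Bound parameters: a plain login, a name containing a single quote
//    (which would break a hand-quoted string), and a wrong password.
$cases = [
    ['peters', 'peters'],
    ["o'brien", 'secret'],
    ['peters', 'wrong'],
];
foreach ($cases as [$u, $p]) {
    $id = find_customer($pdo, $u, $p);
    printf("%-8s => %s\n", $u, $id === null ? 'no match' : "customer_id $id");
}
```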