SQL Statement problem

this is baffling me can someone help?

         

bysonary

2:00 pm on Jan 31, 2007 (gmt 0)

10+ Year Member



Hello, I am hoping someone can help me clear this up. I am getting a message in my PHP login script like this.

Unable to verify user because : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'tadministrators WHERE uname='Chris' AND pwd='1234567''

And when I look at the part of my code it says to look at, which is the SQL statement, I see this.

$query = "SELECT * tadministrators WHERE uname='$user' AND pwd='$pass'";

Now can anyone see any problems with that at all?

If so, can you please tell me how to correct it.

In case it matters, I have included the entire script below...

<?php
session_start();
include '/home/www/juttuffi/header.php';
include '/home/www/juttuffi/dbc.php';
?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
<table width="300" border="0" cellspacing="0" cellpadding="2" class="tablemain">
<tr>
<td width="8%" class="tableheader"><span class="tblheader">Login</span></td>
<td width="92%" class="tableheader"></td>
</tr>
<tr>
<td width="8%" class="tablebody"><span class="tblbody">Username:</span></td>
<td width="92%" class="tablebody"><span class="tblbody"><input type="text" name="usern" /></span></td>
</tr>
<tr>
<td width="8%" class="tablebody"><span class="tblbody">Password:</span></td>
<td width="92%" class="tablebody"><span class="tblbody"><input type="password" name="passw" /></span></td>
</tr>
</table>
<input type="submit" name="Submit" value="Submit" />
</form>

<?php
if(isset($_POST['usern']) && $_POST['passw'])
{
$user = $_POST['usern'];
$pass = $_POST['passw'];

$query = "SELECT * tadministrators WHERE uname='$user' AND pwd='$pass'";
$result = mysql_query($query) or die("Unable to verify user because : " . mysql_error());

if(mysql_num_rows($result) == 1)
{
while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
$_SESSION['usrname'] = $row['uname'];
}

$_SESSION['Authenticated'] = true;
header('Location: [mydomain.co.uk...]
}
else
{
$err = "ERROR: Incorrect Username and/or Password";
}

echo '<span class="notice">';
echo $err;
echo '</span>';
echo '<br>';
echo ($result);
}
?>

Nutter

2:23 pm on Jan 31, 2007 (gmt 0)

10+ Year Member



$query = "SELECT * tadministrators WHERE uname='$user' AND pwd='$pass'";

should be

$query = "SELECT * FROM tadministrators WHERE uname='$user' AND pwd='$pass'";

Psychopsia

2:27 pm on Jan 31, 2007 (gmt 0)

10+ Year Member



The FROM part is missing:

$query = "SELECT * FROM tadministrators WHERE uname='" . mysql_escape_string($user) . "' AND pwd='" . mysql_escape_string($pass) . "'";

Also add mysql_escape_string [php.net] to avoid SQL injections.

whoisgregg

3:11 pm on Jan 31, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The mysql_escape_string function is deprecated and should not be used... mysql_real_escape_string() [php.net] is the function to use now.
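
Added example, not part of the original thread and not any poster's code: the same login lookup written with a PDO prepared statement, so the user name is sent as a bound value instead of being escaped and concatenated into the query text (the mysql_* functions discussed above were removed in PHP 7.0). It goes beyond the thread by checking the password in PHP against a password_hash() value. Assumptions: an in-memory SQLite database stands in for the MySQL server so the script runs offline, the sample rows and inputs are constructed, and verifyLogin is a hypothetical helper name.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with an in-memory
// SQLite database stands in for the MySQL server so the script runs offline;
// the pwd column holds a password_hash() value rather than the plain password.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data using the table and column names from the thread.
$pdo->exec('CREATE TABLE tadministrators (uname TEXT PRIMARY KEY, pwd TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO tadministrators (uname, pwd) VALUES (?, ?)');
$insert->execute(['Chris', password_hash('1234567', PASSWORD_DEFAULT)]);
$insert->execute(["O'Brien", password_hash('s3cret-example', PASSWORD_DEFAULT)]);

/**
 * Hypothetical helper: returns the stored user name on success, null otherwise.
 */
function verifyLogin(PDO $pdo, string $user, string $pass): ?string
{
    // The statement text is fixed; $user travels as a bound value, so a quote
    // character inside it is data and can never terminate the string literal.
    $stmt = $pdo->prepare('SELECT uname, pwd FROM tadministrators WHERE uname = :uname');
    $stmt->execute([':uname' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare in PHP against the stored hash instead of matching pwd in SQL.
    if ($row === false || !password_verify($pass, $row['pwd'])) {
        return null;
    }
    return $row['uname'];
}

// Constructed inputs: a valid login, a wrong password, and a user name with a
// quote in it, which would have broken the original concatenated query.
$attempts = [
    ['Chris', '1234567'],
    ['Chris', 'wrong'],
    ["O'Brien", 's3cret-example'],
];
foreach ($attempts as [$user, $pass]) {
    $who = verifyLogin($pdo, $user, $pass);
    printf("%-10s => %s\n", $user, $who === null ? 'rejected' : "authenticated as $who");
}
```

Against MySQL, only the DSN passed to the PDO constructor changes; the prepared statement and the password_verify() check stay the same.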