Hi Developers.
i’m new to php and trying to build up my first log-in form,
the database has already a table with few rows filled in, what i would like to do is to pass a variable into the WHERE clause so that it could be matched with the data stored into the database’s table, if so…throw out whatever “in this case the user’s page, but as soon as i press the submit it tells me that there is no row with that name while instead there is! “Unknown column ‘root’ in ‘where clause'”;
can you take a look to the code?
logging into mysql and prevalidations are ok, the variable ‘$conn’ it represent the connection.
// code
if(isset($_POST[‘submit’])){
if(! get_magic_quotes_gpc()){
$user= addslashes($_POST[‘user’]);
$pass=addslashes($
}
$user= $_POST[‘user’];
$pass= $
$sql= “SELECT age,mail,sub_date FROM tableusers WHERE username= $user AND pass= SHA1($pass)”;
mysql_select_db(‘MEMBERS’);
$fetch= mysql_query($sql,$conn);
if(! $fetch){
die(“could not get data from mysql:”. mysql_error());
}
while($row= mysql_fetch_array($fetch, MYSQL_ASSOC)){
echo “your age is: {$row[‘age’]}<br />, your mail is: {$row[‘mail’]}<br />,and the submission date is{$row[‘sub_date’]},”;
}
}
?>
<div id=”logholder”>
<table width=”450px” border=”0″ cellspacing=”1″ cellpadding=”2″>
<form method=”POST” action= “<?php PHP_SELF ?>”>
<tr>
<td width=”100″><p class=”logs”>Enter your username: </p></td>
<td><input type=”text” name=”user” id=”user”></td></tr>
<tr>
<td width=”100px”><p class=”logs”>Enter the password</p></td>
<td><input type=”password” name=”pass” id=”pass”></td>
</tr>
<tr>
<td width=”200″></td>
<td><input type=”submit” name=”submit” id=”submit” value=”log in”></td>
</tr>
</table>
</form>
</div>
</body>
</html>