CodeIgniter Forums
Simple query question - Printable Version



Simple query question - El Forum - 02-17-2009

[eluser]markanderson993[/eluser]
Hello there CodeIgniter experts! I have a small and simple question. I am entering this code:

Code:
$second_verify = $this->CI->db->query("
                SELECT *
                FROM user
                WHERE
                    user_name = " . $username_login . " and
                    password = md5(concat(md5(" . $password_login . "), salt))
            ");

And I keep getting this error:

Quote:A Database Error Occurred

Error Number: 1054

Unknown column 'pianoman993' in 'where clause'

SELECT * FROM user WHERE user_name = pianoman993

I know the solution must be incredibly simple but I just can't figure it out! Does anyone have any ideas?

Any help would be greatly appreciated!
Thank you!

- Pianoman993


Simple query question - El Forum - 02-17-2009

[eluser]TheFuzzy0ne[/eluser]
I'd try escaping it differently:
Code:
$second_verify = $this->CI->db->query("
                SELECT *
                FROM `user`
                WHERE
                    `user_name` = '" . $this->db->escape($username_login) . "' and
                    `password` = md5(concat(md5('" . $this->db->escape($password_login) . "'), salt))
            ");
The code above is untested.

You may find something along those lines might work better.


Simple query question - El Forum - 02-17-2009

[eluser]TheFuzzy0ne[/eluser]
Or you can use Query Bindings. http://ellislab.com/codeigniter/user-guide/database/queries.html


Simple query question - El Forum - 02-17-2009

[eluser]markanderson993[/eluser]
Thanks for your speedy reply.

I tried this

Code:
$second_verify = $this->CI->db->query("
                SELECT *
                FROM 'user'
                WHERE
                    'user_name' = ". $this->CI->db->escape($username_login) . " and
                    'password' = md5(concat(md5('" . $this->CI->db->escape($password_login) . "'), salt))
            ");

But now I get this error message

Quote:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''user' WHERE 'user_name' = 'anderma' and ' at line 2



Simple query question - El Forum - 02-17-2009

[eluser]TheFuzzy0ne[/eluser]
You are using single 'quotes' for escaping fields and table names, when you need to use `backticks`.


Simple query question - El Forum - 02-17-2009

[eluser]markanderson993[/eluser]
Alrighty, I'll revert back to how you originally had revised my code. But even when I tried that I was getting the same error. :/


Simple query question - El Forum - 02-17-2009

[eluser]TheFuzzy0ne[/eluser]
Please repost the code you're using, and the exact error you're now receiving. If you used my code, the original error should now be gone.


Simple query question - El Forum - 02-17-2009

[eluser]markanderson993[/eluser]
Here is the error I am receiving:

Quote:A Database Error Occurred

Error Number: 1064

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'anderma'' and `password` = md5(concat(md5(''my_password''), sal' at line 4

SELECT * FROM `user` WHERE `user_name` = ''anderma'' and `my_password` = md5(concat(md5(''my_password''), salt))

And here is the code I am using

Code:
$second_verify = $this->CI->db->query("
                SELECT *
                FROM `user`
                WHERE
                    `user_name` = '" . $this->CI->db->escape($username_login) . "' and
                    `password` = md5(concat(md5('" . $this->CI->db->escape($password_login) . "'), salt))
            ");

Here is the code that follows this:

Code:
if ( (($query != null) && ($query->num_rows() == 0)) OR (($second_verify != null) && ($second_verify->num_rows() == 0)))
            {
                //we didn't find the password
                $pass_cond = FALSE;
                //debugging
                //echo '<br>password not found<br>';
            }
            else
            {
                //we found the password
                $pass_cond = TRUE;
                //debugging
                //echo '<br>password found<br>';
            }
        }

...



Simple query question - El Forum - 02-17-2009

[eluser]TheFuzzy0ne[/eluser]
OK, that's a different error message. Try this function. I have a feeling I shouldn't have used quotes inside the md5 function:
Code:
$second_verify = $this->CI->db->query("
                SELECT *
                FROM `user`
                WHERE
                    `user_name` = '" . $this->CI->db->escape($username_login) . "' and
                    `password` = md5(concat(md5(" . $this->CI->db->escape($password_login) . "), salt))
            ");
The above code is untested.


Simple query question - El Forum - 02-17-2009

[eluser]markanderson993[/eluser]
I appreciate all your help so far, I hate to be so troublesome but I am still getting the same error message. Frustrating!

Quote:A Database Error Occurred

Error Number: 1064

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'anderma'' and `password` = md5(concat(md5('my_password'), salt)' at line 4

SELECT * FROM `user` WHERE `user_name` = ''anderma'' and `my_password` = md5(concat(md5('my_password'), salt))
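
Added example, not part of the thread: the `''anderma''` in the error above appears because CodeIgniter's `escape()` adds the surrounding single quotes itself, so hand-written quotes around it double them. The script builds the thread's query three ways (doubled quotes, `escape()` alone, and the query bindings suggested earlier). `ci_escape()` and `ci_bind()` are hypothetical stand-ins that mimic that behaviour so the script runs without the framework, and the sample credentials are constructed.

```php
<?php
// Added example, not code from the thread. ci_escape() and ci_bind() are
// hypothetical stand-ins mimicking CodeIgniter's $this->db->escape() and
// query bindings; they exist only to make the resulting SQL text visible.

// Like escape(): escapes string data AND wraps it in single quotes.
function ci_escape($value)
{
    if (is_string($value)) {
        // The real driver uses the database's own escaping routine.
        return "'" . addslashes($value) . "'";
    }
    if (is_bool($value)) { return $value ? 1 : 0; }
    if ($value === null) { return 'NULL'; }
    return $value;
}

// Like query bindings: each ? is replaced, in order, by the escaped value.
function ci_bind($sql, array $binds)
{
    $parts = explode('?', $sql);
    if (count($parts) - 1 !== count($binds)) {
        throw new InvalidArgumentException('placeholder/bind count mismatch');
    }
    $out = array_shift($parts);
    foreach ($parts as $i => $part) {
        $out .= ci_escape($binds[$i]) . $part;
    }
    return $out;
}

// Constructed sample input; the quote in the password exercises the escaping.
$username_login = 'anderma';
$password_login = "my_pass'word";

// 1) Hand-written quotes around escape(): quotes are doubled -> error 1064.
$doubled = "SELECT * FROM `user` WHERE `user_name` = '" . ci_escape($username_login) . "'";

// 2) escape() alone supplies the quotes.
$escaped = "SELECT * FROM `user` WHERE `user_name` = " . ci_escape($username_login)
         . " AND `password` = md5(concat(md5(" . ci_escape($password_login) . "), salt))";

// 3) Query bindings: no quoting appears in the SQL text at all.
$sql   = "SELECT * FROM `user` WHERE `user_name` = ? AND `password` = md5(concat(md5(?), salt))";
$bound = ci_bind($sql, array($username_login, $password_login));

echo $doubled, "\n", $escaped, "\n", $bound, "\n";
// In CodeIgniter itself, form 3 is:
// $this->CI->db->query($sql, array($username_login, $password_login));
```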