Query Problems - Should be a Simple Fix
#1

[eluser]Gwarrior[/eluser]
For some reason, I keep getting an error:

A Database Error Occurred

Error Number: 1054

Unknown column 'allengingrich' in 'where clause'

SELECT password FROM users WHERE username=allengingrich

Which is a result of trying to use a login form using the following controller:

Code:
function login() {
    $this->load->database();
    $this->load->library('session');
    if (isset($_POST['submitted'])) {
        $username = $_POST['username'];
        $password = $this->db->query('SELECT password FROM users WHERE username='.$username);
        if ($password->result() == $_POST['password']) {
            $sessdata = array(
                'username' => $_POST['username'],
            );
            $this->session->set_userdata($sessdata);
            redirect('home/success');
        } else {
            redirect('home/failure');
        }
    }
    $this->load->view('login');
}

Anyone know what gives? I can't figure out what the problem is at all...
#2

[eluser]Armchair Samurai[/eluser]
You need quotes around the $username variable. You might want to consider using CI's query bindings to escape your submitted data rather than trying to do everything manually.

Code:
$username = $_POST['username'];
$query = $this->db->query('SELECT password FROM users WHERE username = ?', array($username));
#3

[eluser]Gwarrior[/eluser]
Thank you very much, that helped the problem.

Now, however, I can't authenticate no matter what. Anything wrong with my code?
#4

[eluser]Armchair Samurai[/eluser]
To be honest, there are a few things which I wouldn't consider "best practice" when looking at the code, but the most immediate thing is that you are using the db library incorrectly - you need to change your syntax when generating a db result:

Code:
$query = $this->db->query('SELECT password FROM users WHERE username = ?', array($username));
$result = $query->row(); // You should only need a single row for the result

// row() gives back an empty value when no user matches, so check it before reading ->password
if ($result && $result->password == $_POST['password']):
    // continue on here....
endif;
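
The following is an added example, not part of the thread or of CodeIgniter: it replays the unquoted query from post #1, shows that adding quotes by hand still fails on a name containing an apostrophe, and then runs the bound-parameter lookup with a single-row check. Assumptions: PDO with an in-memory SQLite database stands in for CI's db library and MySQL, the function names and sample account are constructed, and (going beyond the thread) the password column holds password_hash() output rather than plain text, which needs PHP 5.5 or later.

```php
<?php
// Added example with constructed data; PDO + SQLite stand in for CodeIgniter + MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)');

// Assumption: the password column stores password_hash() output, not plain text.
$insert = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$insert->execute(array("o'brien", password_hash('constructed-pass-1', PASSWORD_DEFAULT)));

// String concatenation as in post #1, optionally wrapping the value in quotes by hand.
function lookup_concat(PDO $db, $username, $quote) {
    $value = $quote ? "'" . $username . "'" : $username;
    try {
        $sql = 'SELECT password FROM users WHERE username=' . $value;
        return $db->query($sql)->fetch(PDO::FETCH_OBJ);
    } catch (PDOException $e) {
        return 'SQL error: ' . $e->getMessage();
    }
}

// Bound parameter as in post #2: the value is sent separately from the SQL text.
function lookup_bound(PDO $db, $username) {
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute(array($username));
    return $stmt->fetch(PDO::FETCH_OBJ); // false when no row matches
}

// Single-row check as in post #4, comparing against the stored hash.
function login_ok(PDO $db, $username, $password) {
    $row = lookup_bound($db, $username);
    return $row !== false && password_verify($password, $row->password);
}

// Unquoted value: the database parses the name as a column and rejects the query.
var_dump(lookup_concat($db, 'allengingrich', false));
// Hand-quoted value: the apostrophe in the name ends the string literal early.
var_dump(lookup_concat($db, "o'brien", true));
// Bound value: the same name is looked up as data, whatever characters it contains.
var_dump(login_ok($db, "o'brien", 'constructed-pass-1'));
var_dump(login_ok($db, "o'brien", 'wrong-pass'));
// Unknown user: no row comes back, so the check fails without touching ->password.
var_dump(login_ok($db, 'allengingrich', 'anything'));
```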



