Simple query question
#1

[eluser]markanderson993[/eluser]
Hello there CodeIgniter experts! I have a small and simple question. I am entering this code:

Code:
$second_verify = $this->CI->db->query("
                SELECT *
                FROM user
                WHERE
                    user_name = " . $username_login . " and
                    password = md5(concat(md5(" . $password_login . "), salt))
            ");

And I keep getting this error:

Quote:A Database Error Occurred

Error Number: 1054

Unknown column 'pianoman993' in 'where clause'

SELECT * FROM user WHERE user_name = pianoman993

I know the solution must be incredibly simple but I just can't figure it out! Does anyone have any ideas?

Any help would be greatly appreciated!
Thank you!

- Pianoman993
#2

[eluser]TheFuzzy0ne[/eluser]
I'd try escaping it differently:
Code:
$second_verify = $this->CI->db->query("
                SELECT *
                FROM `user`
                WHERE
                    `user_name` = '" . $this->db->escape($username_login) . "' and
                    `password` = md5(concat(md5('" . $this->db->escape($password_login) . "'), salt))
            ");
The code above is untested.

You may find something along those lines might work better.
#3

[eluser]TheFuzzy0ne[/eluser]
Or you can use Query Bindings. http://ellislab.com/codeigniter/user-gui...eries.html
#4

[eluser]markanderson993[/eluser]
Thanks for your speedy reply.

I tried this

Code:
$second_verify = $this->CI->db->query("
                SELECT *
                FROM 'user'
                WHERE
                    'user_name' = ". $this->CI->db->escape($username_login) . " and
                    'password' = md5(concat(md5('" . $this->CI->db->escape($password_login) . "'), salt))
            ");

But now I get this error message

Quote:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''user' WHERE 'user_name' = 'anderma' and ' at line 2
#5

[eluser]TheFuzzy0ne[/eluser]
You are using single 'quotes' for escaping fields and table names, when you need to use `backticks`.
#6

[eluser]markanderson993[/eluser]
Alrighty, I'll revert back to how you originally had revised my code. But even when I tried that I was getting the same error. :/
#7

[eluser]TheFuzzy0ne[/eluser]
Please repost the code you're using, and the exact error you're now receiving. If you used my code, the original error should now be gone.
#8

[eluser]markanderson993[/eluser]
Here is the error I am receiving:

Quote:A Database Error Occurred

Error Number: 1064

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'anderma'' and `password` = md5(concat(md5(''my_password''), sal' at line 4

SELECT * FROM `user` WHERE `user_name` = ''anderma'' and `my_password` = md5(concat(md5(''my_password''), salt))

And here is the code I am using

Code:
$second_verify = $this->CI->db->query("
                SELECT *
                FROM `user`
                WHERE
                    `user_name` = '" . $this->CI->db->escape($username_login) . "' and
                    `password` = md5(concat(md5('" . $this->CI->db->escape($password_login) . "'), salt))
            ");

Here is the code that follows this:

Code:
if ( (($query != null) && ($query->num_rows() == 0)) OR (($second_verify != null) && ($second_verify->num_rows() == 0)))
            {
                //we didn't find the password
                $pass_cond = FALSE;
                //debugging
                //echo '<br>password not found<br>';
            }
            else
            {
                //we found the password
                $pass_cond = TRUE;
                //debugging
                //echo '<br>password found<br>';
            }
        }

...
#9

[eluser]TheFuzzy0ne[/eluser]
OK, that's a different error message. Try this function. I have a feeling I shouldn't have used quotes inside the md5 function:
Code:
$second_verify = $this->CI->db->query("
                SELECT *
                FROM `user`
                WHERE
                    `user_name` = '" . $this->CI->db->escape($username_login) . "' and
                    `password` = md5(concat(md5(" . $this->CI->db->escape($password_login) . "), salt))
            ");
The above code is untested.
#10

[eluser]markanderson993[/eluser]
I appreciate all your help so far, I hate to be so troublesome but I am still getting the same error message. Frustrating!

Quote:A Database Error Occurred

Error Number: 1064

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'anderma'' and `password` = md5(concat(md5('my_password'), salt)' at line 4

SELECT * FROM `user` WHERE `user_name` = ''anderma'' and `my_password` = md5(concat(md5('my_password'), salt))
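
Why both errors in this thread occur, and the query-bindings form suggested in post #3, shown as an added example that is not part of the original posts. `FakeDb` is a hypothetical stand-in that only builds SQL strings, so the script runs without CodeIgniter or MySQL; it assumes, as the `''anderma''` in the error output shows, that `escape()` returns the value already wrapped in single quotes.

```php
<?php
// Added illustration, not code from the thread. FakeDb is a constructed stand-in
// that only builds SQL strings; it mimics two documented CodeIgniter behaviours.
class FakeDb {
    // Like CI's escape(): escapes the string AND wraps it in single quotes.
    // addslashes() is a simplification of the driver's real escaping routine.
    public function escape($value) {
        return "'" . addslashes($value) . "'";
    }
    // Like CI's query($sql, $binds): each ? becomes one escaped, quoted value.
    // Returns the compiled SQL instead of running it.
    public function query($sql, array $binds = array()) {
        $parts = explode('?', $sql);
        $out = array_shift($parts);
        foreach ($parts as $i => $part) {
            $out .= (array_key_exists($i, $binds) ? $this->escape($binds[$i]) : '?') . $part;
        }
        return $out;
    }
}

$db = new FakeDb();
$username_login = 'anderma';       // sample values taken from the error messages
$password_login = 'my_password';

// Post #1: the value is concatenated bare, so MySQL parses it as a column name
// (error 1054, "Unknown column").
$bare = "SELECT * FROM user WHERE user_name = " . $username_login;

// Posts #2, #8 and #9: escape() already supplies the quotes, so the hand-written
// quotes around it produce ''anderma'' (error 1064).
$doubled = "SELECT * FROM `user` WHERE `user_name` = '" . $db->escape($username_login) . "'";

// Query bindings (post #3): no quotes in the SQL text, values passed separately.
// In the thread's code this would be $this->CI->db->query($sql, array(...)).
$sql = "SELECT * FROM `user`
        WHERE `user_name` = ?
          AND `password` = md5(concat(md5(?), salt))";
$bound = $db->query($sql, array($username_login, $password_login));

// A value containing a quote stays inside its string literal.
$quoted = $db->query($sql, array("o'brien", $password_login));

foreach (array($bare, $doubled, $bound, $quoted) as $q) {
    echo preg_replace('/\s+/', ' ', $q), "\n";
}
```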



