SQL parameter dropped, leaving me with error 1064

#1
dauber
Hi there...so, I had a simple login form generated by formigniter.org. I'm simply trying to run some tests on the form, and it appears that the password is not getting passed through, and I get error 1064 with the following message:


Quote:
A Database Error Occurred

Error Number: 1064

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

SELECT userName FROM slagUser WHERE userName='testname' AND password=

Filename: /home/scourtn3/noneofyourbusinesswhatthisis/SLAG/models/signin_model.php

Line Number: 23

'testname' is indeed the user name that I put through the form, but the password isn't showing up, as you can see, which I'm guessing is what's causing the problem.

Here's the line 23 that it cites, along with line 22 before it:

Code:
$sql="SELECT userName FROM slagUser WHERE userName = ? AND password = ?";
$loginName=$this->db->query($sql,$form_data['userName'],$form_data['password']);

Both of those lines I copied and pasted from the CodeIgniter user documentation on queries, and obviously I put in my own field names and assigned the query result to a variable.

Here's the controller [comments removed]:

Code:
<?php

class Signin extends CI_Controller {
              
function __construct()
{
   parent::__construct();
  $this->load->library('form_validation');
  $this->load->database();
  $this->load->helper('form');
  $this->load->model('signin_model');
}
function index()
{  
  $this->form_validation->set_rules('userName', 'User name:', 'required|trim|xss_clean|max_length[255]');  
  $this->form_validation->set_rules('password', 'Password:', 'required|trim|xss_clean|max_length[255]|md5');
  
  $this->form_validation->set_error_delimiters('<br /><span class="error">', '</span>');

  if ($this->form_validation->run() == FALSE) // validation hasn't been passed
  {
   $this->load->view('signin_view');
  }
  else
  {
    $form_data = array(
             'userName' => set_value('userName'),
             'password' => set_value('password')
      );
    $test=$this->signin_model->verifySignin($form_data);
    echo $test;
  }
}
function success()
{
   echo 'this form has been successfully submitted with all validation being passed. All messages or logic here. Please note
   sessions have not been used and would need to be added in to suit your app';
}
}
?>

Here's the model:

Code:
<?php

class Signin_model extends CI_Model {

function __construct()
{
  parent::__construct();
}

        function verifySignin($form_data)
        {
            $sql="SELECT userName FROM slagUser WHERE userName = ? AND password = ?";
            $loginName=$this->db->query($sql,$form_data['userName'],$form_data['password']);
            return $loginName;
        }
        
function SaveForm($form_data)
{
  $this->db->insert('slagUser', $form_data);
  
  if ($this->db->affected_rows() == '1')
  {
   return TRUE;
  }
  
  return FALSE;
}
}
?>

And finally, here's the view:

Code:
<?php

$attributes = array('class' => '', 'id' => '');
echo form_open('signin', $attributes); ?>

<p>
        <label for="userName">User name: <span class="required">*</span></label>
        <?php echo form_error('userName'); ?>
        <br /><input id="userName" type="text" name="userName" maxlength="255" value="<?php echo set_value('userName'); ?>"  />
</p>

<p>
        <label for="password">Password: <span class="required">*</span></label>
        <?php echo form_error('password'); ?>
        <br /><input id="password" type="password" name="password" maxlength="255" value="<?php echo set_value('password'); ?>"  />
</p>


<p>
        <?php echo form_submit( 'submit', 'Submit'); ?>
</p>

<?php echo form_close(); ?>

I can't find anything wrong with any syntax or anything. What am I doing wrong???

#2
rogierb
Code:
$loginName=$this->db->query($sql,$form_data['userName'],$form_data['password']);

should be
Code:
$loginName=$this->db->query($sql,array($form_data['userName'],$form_data['password']));

The binding failed because it could only find one parameter.
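
Why the query in post #1 stopped at `password=`, shown as an added example that is not part of the thread and not CodeIgniter's own code: a simplified stand-in binder (`compile_binds()` and `escape_value()` are names chosen here) that assumes a non-array second argument is treated as a single bind value. The `$strict` check is an addition that rejects a placeholder/value count mismatch instead of emitting truncated SQL.

```php
<?php
// Simplified stand-in for "?" placeholder binding; NOT CodeIgniter's source.
// Assumption: a non-array second argument counts as a single bind value.
function escape_value($value)
{
    // Illustrative quoting only; a real driver uses the connection's escaping.
    return "'" . addslashes((string) $value) . "'";
}

function compile_binds($sql, $binds, $strict = false)
{
    if (!is_array($binds)) {
        $binds = array($binds); // a scalar becomes a one-element list
    }
    $segments = explode('?', $sql);
    $placeholders = count($segments) - 1;

    if ($strict && count($binds) !== $placeholders) {
        throw new InvalidArgumentException(sprintf(
            'query has %d placeholder(s) but %d value(s) were bound',
            $placeholders, count($binds)
        ));
    }

    // Substitute values left to right; text after an unfilled "?" is lost.
    $binds = array_slice(array_values($binds), 0, $placeholders);
    $out = $segments[0];
    foreach ($binds as $i => $value) {
        $out .= escape_value($value) . $segments[$i + 1];
    }
    return $out;
}

$sql = "SELECT userName FROM slagUser WHERE userName = ? AND password = ?";
$user = 'testname';          // value from the thread
$hash = 'constructed-hash';  // constructed sample, stands in for the md5 value

// Call shape from post #1: only the first value reaches the binder.
echo compile_binds($sql, $user), "\n";

// Call shape from post #2: both values arrive in one array.
echo compile_binds($sql, array($user, $hash)), "\n";

// Strict mode turns the silent truncation into an immediate error.
try {
    compile_binds($sql, $user, true);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```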

#3
dauber
That helped. Thanks!!

