0

hai i am new to php. i am getting this as error

---You have an error in your SQL syntax; check the manual that corresponds to your MySQL---
can anyone tel wher is the error. Thank u..!!

<html>
<body>
<form action="login.php" method="post">
<div>
<table width="100%">
    <tr>
        <td><img src="Logofinalcopy.gif"></td>
    </tr>
    <tr>
        <td bgcolor="aqua"><h2>Login</h2></td>
    </tr></table>
<table align="right" style="width:40%">
    <br>
    <tr>
       <td>Username:</td>
       <td><input type="text" name="username"></td>
    </tr>
    <tr>
       <td>Password:</td>
       <td><input type="password" name="password"></td>
    </tr>
    <tr>
        <td align="CENTER" COLSPAN="4">
        <input TYPE="SUBMIT" name="submit" value="Login">
        <input TYPE="reset" name="submit" value="clear"></td>
    </tr>
</table>
</div>
</form>
</body>
</html>
<?php
if(isset($_POST['submit']))
{
    $con = mysql_connect("10.70.1.50","invensis","invensis");
    if (!$con)
    {
        die('Could not connect: ' . mysql_error());
    }
    $con=mysql_select_db("database_myproject");
    if (!$con)
    {
        die('Could not connect DB: ' . mysql_error());
    }

    $username=$_POST['username'];
    $password=$_POST['password'];
    $Username = stripslashes($username);
    $Password = stripslashes($password);
    $Username = mysql_real_escape_string($username);
    $Password = mysql_real_escape_string($password);
    $flag="OK";  
    $msg=""; 
    if(strlen($Username) < 1)
    {
        $msg=$msg."Please enter the username<br>";
        $flag="NOTOK"; 
    }
    if(strlen($Password) < 1)
    {
        $msg=$msg."Please enter the password<br>";
        $flag="NOTOK";  
    }
    if($flag <>"OK")
    {
       echo "<br><br><br><br><br><strong style='color:#FF3333'>"."<right>Please enter Username/Password <br></right>"."</strong>";                                                                                                                                }  
    else
    {
        $sql="SELECT * FROM Users WHERE Username='$Username' and Password='$Password'";        
        $result=mysql_query($sql) or die(mysql_error()); 
        $count=mysql_num_rows($result);          
        if($count==1)
        {                    
            $sql1 =mysql_query("SELECT Role FROM Users WHERE Username='$Username' and Password='$Password'");
            while($info = mysql_fetch_array($sql1))
            $info['Role'];   
            {
                if($info['Role']== '0')
                {
                    @header("location: http://localhost//Project/Superadmin.php");
                } 
                else if($info['Role']== '1')
                {
                    @header("location: http://localhost//Project/Admin.php");
                } 
                else if($info['Role']== '2')
                {
                    @header("location: http://localhost//Project/User.php");
                } 
            }   

        }
        else 
        {
            echo "<br><br><br><br><br><strong style='color:#FF3333'><left>Incorrect UserName OR Password</left></strong>";
        }

    }
}
?>

Edited by Reverend Jim: Fixed formatting

2
Contributors
4
Replies
6
Views
7 Years
Discussion Span
Last Post by hashinclude
0

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Resource id #30' at line 1

0

both queries seem fine to me, can you post the entire error message?

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Resource id #30' at line 1

0

when do you get this error?
the query causing the error is not in the code you posted, perhaps it's in one of those files "superadmin.php", "admin.php", "user.php"

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.