Member Avatar for niths

hai i am new to php. i am getting this as error

---You have an error in your SQL syntax; check the manual that corresponds to your MySQL---
can anyone tel wher is the error. Thank u..!!

<html>
<body>
<form action="login.php" method="post">
<div>
<table width="100%">
    <tr>
        <td><img src="Logofinalcopy.gif"></td>
    </tr>
    <tr>
        <td bgcolor="aqua"><h2>Login</h2></td>
    </tr></table>
<table align="right" style="width:40%">
    <br>
    <tr>
       <td>Username:</td>
       <td><input type="text" name="username"></td>
    </tr>
    <tr>
       <td>Password:</td>
       <td><input type="password" name="password"></td>
    </tr>
    <tr>
        <td align="CENTER" COLSPAN="4">
        <input TYPE="SUBMIT" name="submit" value="Login">
        <input TYPE="reset" name="submit" value="clear"></td>
    </tr>
</table>
</div>
</form>
</body>
</html>
<?php
if(isset($_POST['submit']))
{
    $con = mysql_connect("10.70.1.50","invensis","invensis");
    if (!$con)
    {
        die('Could not connect: ' . mysql_error());
    }
    $con=mysql_select_db("database_myproject");
    if (!$con)
    {
        die('Could not connect DB: ' . mysql_error());
    }

    $username=$_POST['username'];
    $password=$_POST['password'];
    $Username = stripslashes($username);
    $Password = stripslashes($password);
    $Username = mysql_real_escape_string($username);
    $Password = mysql_real_escape_string($password);
    $flag="OK";  
    $msg=""; 
    if(strlen($Username) < 1)
    {
        $msg=$msg."Please enter the username<br>";
        $flag="NOTOK"; 
    }
    if(strlen($Password) < 1)
    {
        $msg=$msg."Please enter the password<br>";
        $flag="NOTOK";  
    }
    if($flag <>"OK")
    {
       echo "<br><br><br><br><br><strong style='color:#FF3333'>"."<right>Please enter Username/Password <br></right>"."</strong>";                                                                                                                                }  
    else
    {
        $sql="SELECT * FROM Users WHERE Username='$Username' and Password='$Password'";        
        $result=mysql_query($sql) or die(mysql_error()); 
        $count=mysql_num_rows($result);          
        if($count==1)
        {                    
            $sql1 =mysql_query("SELECT Role FROM Users WHERE Username='$Username' and Password='$Password'");
            while($info = mysql_fetch_array($sql1))
            $info['Role'];   
            {
                if($info['Role']== '0')
                {
                    @header("location: http://localhost//Project/Superadmin.php");
                } 
                else if($info['Role']== '1')
                {
                    @header("location: http://localhost//Project/Admin.php");
                } 
                else if($info['Role']== '2')
                {
                    @header("location: http://localhost//Project/User.php");
                } 
            }   

        }
        else 
        {
            echo "<br><br><br><br><br><strong style='color:#FF3333'><left>Incorrect UserName OR Password</left></strong>";
        }

    }
}
?>
Edited by Reverend Jim because: Fixed formatting
  • 2 Contributors
  • 4 Replies
  • 97 Views
  • 6 Hours Discussion Span
  • Latest Post Latest Post by hashinclude

Recommended Answers

All 4 Replies

Member Avatar for hashinclude

both queries seem fine to me, can you post the entire error message?

Member Avatar for niths

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Resource id #30' at line 1

Member Avatar for niths

both queries seem fine to me, can you post the entire error message?

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Resource id #30' at line 1

Member Avatar for hashinclude

when do you get this error?
the query causing the error is not in the code you posted, perhaps it's in one of those files "superadmin.php", "admin.php", "user.php"

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.