$userEmail = $db->query("SELECT email FROM users WHERE email='$email'");
$userPsswd = $db->query("SELECT password FROM users WHERE email='$email'");

Can someone tell me what I've done wrong in the two lines above? I'm getting the following errors.

PHP Warning: SQLite3::query(): Unable to prepare statement: 1, near "@hotmail": syntax error in /var/www/ET/password/accounts.php on line 14

PHP Warning: SQLite3::query(): Unable to prepare statement: 1, near "@hotmail": syntax error in /var/www/ET/password/accounts.php on line 15

All 2 Replies

The problem doesn't seem to be with the lines you provided, but rather with the value of the $email variable. What exactly does that variable hold?

Try adding this above the two lines, and show us exactly what it prints out.

var_dump($email); exit;

Actually, now that I think about it, seeing as you are providing what appears to be a user-supplied variable there, you should be using a parameterized query, rather than injecting the value into the query string directly. That is how modern, security-conscious code is written.

See the SQLite3::prepare method for details and examples.
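
The parameterized query suggested above, as an added example that is not part of the original thread: it uses SQLite3::prepare with a bound :email parameter and fetches both columns in one query. The in-memory database, the users schema, the sample addresses and the findUser/checkLogin helper names are assumptions, as is storing the password as a password_hash() value.

```php
<?php
// Added example, not the poster's code. Schema and sample rows are constructed.
$db = new SQLite3(':memory:');
$db->enableExceptions(true); // throw on SQL errors instead of emitting warnings
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Look up one user by e-mail with a bound parameter.
// Returns ['email' => ..., 'password' => ...] or null when no row matches.
function findUser(SQLite3 $db, string $email): ?array
{
    $stmt = $db->prepare('SELECT email, password FROM users WHERE email = :email');
    $stmt->bindValue(':email', $email, SQLITE3_TEXT);
    $row = $stmt->execute()->fetchArray(SQLITE3_ASSOC);
    $stmt->close();
    return $row === false ? null : $row;
}

// Assumption: the password column holds a password_hash() value.
function checkLogin(SQLite3 $db, string $email, string $password): bool
{
    $user = findUser($db, $email);
    return $user !== null && password_verify($password, $user['password']);
}

// Constructed sample accounts; the second address contains an apostrophe,
// which would end the string literal early in a concatenated query.
$insert = $db->prepare('INSERT INTO users (email, password) VALUES (:email, :hash)');
foreach (["someone@hotmail.com", "o'brien@hotmail.com"] as $sample) {
    $insert->bindValue(':email', $sample, SQLITE3_TEXT);
    $insert->bindValue(':hash', password_hash('sample-pass', PASSWORD_DEFAULT), SQLITE3_TEXT);
    $insert->execute();
    $insert->reset();
}

// The bound value is always treated as data, whatever characters it contains.
foreach (["someone@hotmail.com", "o'brien@hotmail.com", "missing@hotmail.com"] as $email) {
    $found = findUser($db, $email) !== null ? 'found' : 'not found';
    $login = checkLogin($db, $email, 'sample-pass') ? 'login ok' : 'login refused';
    echo "$email: $found, $login\n";
}
```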
