$userEmail = $db->query("SELECT email FROM users WHERE email='$email'");
$userPsswd = $db->query("SELECT password FROM users WHERE email='$email'");

Can someone tell me what I've done wrong in the two lines above? I'm getting the following errors.

PHP Warning: SQLite3::query(): Unable to prepare statement: 1, near "@hotmail": syntax error in /var/www/ET/password/accounts.php on line 14

PHP Warning: SQLite3::query(): Unable to prepare statement: 1, near "@hotmail": syntax error in /var/www/ET/password/accounts.php on line 15

Last Post by Atli

The problem doesn't seem to be with the lines you provided, but rather with the value of the $email variable. What exactly does that variable hold?

Try adding this above the two lines, and show us exactly what it prints out.

var_dump($email); exit;

Actually, now that I think about it, seeing as you are providing what appears to be a user-supplied variable there, you should be using a parameterized query, rather than injecting the value into the query string directly. That is how modern, security-conscious code is written.

See the SQLite3::prepare method for details and examples.
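
The parameterized query recommended above, as an added example that is not part of the original thread. It assumes the php-sqlite3 extension and an in-memory database; the `users` schema, the sample address, the stored placeholder and the `findUser` helper are constructed for illustration.

```php
<?php
// Added example: in-memory database with a constructed schema (not the poster's).
$db = new SQLite3(':memory:');
$db->enableExceptions(true); // report SQL errors as exceptions instead of warnings
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT)');

// Hypothetical helper: one bound lookup replaces the two interpolated queries.
function findUser(SQLite3 $db, string $email): ?array
{
    $stmt = $db->prepare('SELECT email, password FROM users WHERE email = :email');
    // The value is sent as data; it is never parsed as part of the SQL text.
    $stmt->bindValue(':email', $email, SQLITE3_TEXT);
    $row = $stmt->execute()->fetchArray(SQLITE3_ASSOC);
    return $row === false ? null : $row; // fetchArray() returns false on no match
}

// Constructed sample value: a valid address that contains an apostrophe.
$email = "o'brien@example.com";

// Writes go through bound parameters as well.
$insert = $db->prepare('INSERT INTO users (email, password) VALUES (:email, :password)');
$insert->bindValue(':email', $email, SQLITE3_TEXT);
$insert->bindValue(':password', 'constructed-hash-placeholder', SQLITE3_TEXT);
$insert->execute();

// Interpolated form, as in the question: the apostrophe ends the string
// literal early, so SQLite cannot prepare the statement.
try {
    $db->query("SELECT email FROM users WHERE email='$email'");
    echo "interpolated query: ok\n";
} catch (Exception $e) {
    echo "interpolated query failed: ", $e->getMessage(), "\n";
}

// Parameterized form: the same value is handled correctly.
var_dump(findUser($db, $email));               // the stored row
var_dump(findUser($db, 'nobody@example.com')); // NULL, no such user
```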
