Web Hosting Talk

Error with Login Script - PHP Newbie Alert :(

obviousl
11-06-2004, 08:43 PM
Hey all,

This is the error I am getting:

Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in authenticate.php on line 19


This is authenticate.php (from line 14 to 24):



mysql_select_db( 'database' )
or die ( 'Unable to select database.' );

// Formulate the query

$sql = "SELECT * FROM table WHERE `id` = $_POST['usr'] AND `password` = $_POST['pwd']";

// Execute the query and put results in $result

$result = mysql_query( $sql )
or die ( 'Unable to execute query.' );


Any ideas what has gone wrong? I am still learning PHP, so this is a bit of a learning curve for me. Thanks in advance for any help given!

Chris

luki
11-06-2004, 09:44 PM
Change line 19 to this and give it a try...

$sql = "SELECT * FROM table WHERE id = '$_POST[usr]' AND password = '$_POST[pwd]'";

PS: One note of caution; you should check the variables (_POST) prior to feeding them to SQL or escape them...

obviousl
11-07-2004, 12:00 AM
Thanks luki for your help!
Just one last question, how do I escape them?

:P I am such a newbie..

Chris

gogocode
11-07-2004, 08:00 AM
Originally posted by obviousl
Thanks luki for your help!
Just one last question, how do I escape them?

:P I am such a newbie..

Chris


$sql = "select something from somewhere where somebody = '" . mysql_real_escape_string($_POST['someone']) . "';";

Burhan
11-07-2004, 12:02 PM
No semicolon at the end of a query, if you are going to be using mysql_query()

Informity
11-07-2004, 01:10 PM
Personally, I'd do this for the offending line:


$sql = "SELECT * FROM table WHERE id = '" . htmlspecialchars($_POST['usr'], ENT_QUOTES) . "' AND password = '" . htmlspecialchars($_POST['pwd'], ENT_QUOTES) . "'";
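
An added example, not part of any post in this thread: the login check written with bound parameters instead of string-built SQL, followed by what htmlspecialchars() does to an id that contains a quote. It assumes PHP 7.1 or later with the pdo_sqlite extension, a hypothetical users table with id and password_hash columns, and constructed sample accounts; PDO is used because the mysql_* functions shown in the thread were removed in PHP 7.

```php
<?php
declare(strict_types=1);
// Added example: table, columns and accounts below are constructed.
// In-memory SQLite keeps it runnable offline; prepare()/execute() are
// used the same way with a MySQL DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Store a password hash, never the password itself.
$insert = $pdo->prepare('INSERT INTO users (id, password_hash) VALUES (:id, :hash)');
foreach (['chris' => 'correct horse', "o'brien" => 'battery staple'] as $id => $pw) {
    $insert->execute([':id' => $id, ':hash' => password_hash($pw, PASSWORD_DEFAULT)]);
}

function authenticate(PDO $pdo, string $usr, string $pwd): bool
{
    // The placeholder keeps the input out of the SQL text entirely, so a
    // quote in $usr is plain data and no escaping function is needed.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE id = :id');
    $stmt->execute([':id' => $usr]);
    $hash = $stmt->fetchColumn();

    // fetchColumn() returns false when no row matched.
    return is_string($hash) && password_verify($pwd, $hash);
}

// Stand-ins for $_POST['usr'] and $_POST['pwd'].
$cases = [
    ['chris', 'correct horse'],     // valid account
    ["o'brien", 'battery staple'],  // id containing a single quote
    ['chris', 'wrong password'],    // wrong password
    ['nobody', 'correct horse'],    // unknown id
];
foreach ($cases as [$usr, $pwd]) {
    printf("%-10s %s\n", $usr, authenticate($pdo, $usr, $pwd) ? 'accepted' : 'rejected');
}

// htmlspecialchars() encodes for HTML output: it rewrites the quote as an
// entity, so the value sent to the database differs from the stored id.
$encoded = htmlspecialchars("o'brien", ENT_QUOTES);
printf("encoded id: %s\n", $encoded);
printf("%-10s %s\n", 'encoded', authenticate($pdo, $encoded, 'battery staple') ? 'accepted' : 'rejected');
```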