March 11, 2012

MySQL 1064 syntax error

Question by user1244808

I have this SQL query:

SELECT
  user_id,
  user_name,
  user_level
FROM
  users
WHERE
   user_name = '" . mysql_real_escape_string($_POST['user_name']) . "'
AND
   user_pass = '" . sha1($_POST['user_pass'])

MySQL gives the error:

1064 – You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near ‘user_name’]) . "’ AND
user_pass = ‘" . sha1($_POST[‘user_pass’])’ at line 8

Answer by Starx

I am not sure how you are running the query, but I really hope you are considering the possibility of SQL injection in your code.

$query = "SELECT
            user_id, user_name, user_level
          FROM users
          WHERE
            user_name = '" . mysql_real_escape_string($_POST['user_name']) . "'
            AND
            user_pass = '" . sha1($_POST['user_pass'])."';";
$result = mysql_query($query);

Author: Nabin Nepal (Starx)
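The SQL injection concern raised in the answer, as an added example that is not part of the original post: the same lookup with PDO bound parameters, so no PHP concatenation or escaping is involved. Assumptions: an in-memory SQLite database stands in for the MySQL server, `find_user()` is a hypothetical helper, and `user_pass` holds a `password_hash()` value instead of the SHA-1 digest used on the page.

```php
<?php
// Added example (not the answer's code). Assumptions: PDO with the SQLite
// driver stands in for MySQL; find_user() is a hypothetical helper;
// user_pass stores a password_hash() value rather than a SHA-1 digest.

function find_user(PDO $pdo, string $name, string $pass): ?array
{
    // The placeholder keeps user input out of the SQL text, so a quote
    // in $name cannot change the structure of the statement.
    $stmt = $pdo->prepare(
        'SELECT user_id, user_name, user_level, user_pass
           FROM users
          WHERE user_name = :name'
    );
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The password is checked in PHP against the stored salted hash,
    // not compared inside the WHERE clause.
    if ($row === false || !password_verify($pass, $row['user_pass'])) {
        return null;
    }
    unset($row['user_pass']); // never hand the hash back to the caller
    return $row;
}

// Constructed sample table and rows.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY,
    user_name TEXT UNIQUE, user_level INTEGER, user_pass TEXT)');
$ins = $pdo->prepare(
    'INSERT INTO users (user_name, user_level, user_pass) VALUES (?, ?, ?)'
);
$ins->execute(['alice', 1, password_hash('correct horse', PASSWORD_DEFAULT)]);
$ins->execute(["o'brien", 2, password_hash('battery staple', PASSWORD_DEFAULT)]);

// Constructed stand-ins for $_POST.
$attempts = [
    ['user_name' => 'alice',   'user_pass' => 'correct horse'],  // accepted
    ['user_name' => 'alice',   'user_pass' => 'wrong'],          // rejected
    ['user_name' => "o'brien", 'user_pass' => 'battery staple'], // quote is plain data
    ['user_name' => "nobody'", 'user_pass' => 'x'],              // rejected, no 1064 error
];
foreach ($attempts as $post) {
    $user = find_user($pdo, $post['user_name'], $post['user_pass']);
    echo $post['user_name'], ' => ',
         $user ? 'ok, level ' . $user['user_level'] : 'rejected', "\n";
}
```

With the `pdo_mysql` driver, setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the server prepare the statement instead of PDO interpolating the values client-side.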
