  1. #1
    Regular Coder
    Join Date
    Jan 2008
    Posts
    334
    Thanks
    9
    Thanked 0 Times in 0 Posts

    Quotes messing up a mysql_query

    Okay, so I'm having a little problem. I'm not too sure how to fix this, but I am hoping that someone can explain to me how I can fix it. Okay, so I was making a login on my site. The site URL is http://mechfans.sytes.net/login.php. When I type in a username (it doesn't matter which) and, say, put in a quote as the password, I get this error: Server Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"""' at line 1. I'm not too sure how I can fix this. So I'll give you the mysql_query that I have for that and hopefully someone can give me the answer.


    Code:
    mysql_query("SELECT user_id, username, password, user_level, active, last_ip FROM users WHERE username=\"$username\" AND password=\"$password\"") or die("Server Error: " . mysql_error());
    If you want then go to the page and try it for yourself.

    Page: http://mechfans.sytes.net/login.php

    Put a random username in and put a quote as a password and click "login".

    Thanks,
    Jon W

  • #2
    Senior Coder
    Join Date
    Dec 2005
    Location
    Slovenia
    Posts
    1,991
    Thanks
    120
    Thanked 76 Times in 76 Posts
    Not familiar with this syntax, but I think you need to insert something like this:

    Code:
    ='\"$password\"' 
    plus replace any ' inside password with escaped '
    Last edited by BubikolRamios; 03-05-2009 at 07:34 AM.

  • #3
    Master Coder
    Join Date
    Dec 2007
    Posts
    6,682
    Thanks
    436
    Thanked 890 Times in 879 Posts
    You must validate the data you get from users before you send it to MySQL.

    http://www.php.net/manual/en/securit...-injection.php

    best regards
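
Added example, not part of the thread or any poster's code: the login lookup from post #1 rewritten with a PDO prepared statement, so a quote typed into either field stays data and cannot end the string literal. It assumes PDO with the SQLite driver (in-memory so it runs offline; for MySQL only the DSN changes), a `users` table built here with the thread's column names, and a `password` column holding a `password_hash()` value; the `login()` helper and the sample accounts are constructed for illustration.

```php
<?php
// Added example, not the poster's code. SQLite in-memory stands in for MySQL
// so the script runs offline; the PDO calls are the same with a mysql: DSN.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed schema using the column names from the thread's SELECT.
$pdo->exec('CREATE TABLE users (
    user_id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT,
    user_level INTEGER, active INTEGER, last_ip TEXT)');

// Assumption: the password column stores a password_hash() value, not plaintext.
$ins = $pdo->prepare('INSERT INTO users (username, password, user_level, active, last_ip)
                      VALUES (?, ?, 1, 1, ?)');
$ins->execute(['jon', password_hash('correct horse', PASSWORD_DEFAULT), '192.0.2.10']);

/**
 * Returns the user row on success, null on any failure.
 * The username is bound as a parameter, so quotes in it are data, never SQL.
 */
function login(PDO $pdo, string $username, string $password): ?array
{
    $stmt = $pdo->prepare('SELECT user_id, username, password, user_level, active, last_ip
                           FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The password never enters the query; it is checked against the stored hash.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    if ((int) $row['active'] !== 1) {
        return null;
    }
    unset($row['password']); // do not hand the hash back to the caller
    return $row;
}

// Constructed inputs: the quote that broke the original query, and a valid login.
$cases = [['anyone', '"'], ['jo"n', 'x'], ['jon', "it's wrong"], ['jon', 'correct horse']];
foreach ($cases as [$u, $p]) {
    printf("%-8s %-15s => %s\n", $u, $p, login($pdo, $u, $p) ? 'logged in' : 'rejected');
}
```

Database error text is also better written to a server-side log than echoed to visitors, as the `die("Server Error: " . mysql_error())` in the original query does.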

