
I'm looking to verify a user's login via Azure MySQL. I can successfully connect to the database. I'm just having problems with the syntax associated with Azure MySQL. What I found online was for regular SQL, but that doesn't seem to be the same.

Currently I have:

    $result = mysqli_query($conn,'SELECT name, email FROM logins where name='$loginname' and password='$loginpassword'');
    if(!$result || mysqli_num_rows($result) <= 0)
    {
        echo("invalid user");
    }
    else
    {
        echo("successful login");
        session_start();
        $_SESSION["user"] = $loginname;
        //header("Location: ../question-explanation.html");
    }

The error I get is: Parse error: syntax error, unexpected '$loginname' (T_VARIABLE), expecting ',' or ')' in

DMop
  • First of all, are those variables escaped? – Spoody Jan 19 '18 at 21:08
  • @MehdiBounya I used trim when I first got them. I'm going to add in mysqli_real_escape_string once I get this input working – DMop Jan 19 '18 at 21:11
  • why didn't you just use a prepared statement? that would have solved many problems; one of which being open to an sql injection. – Funk Forty Niner Jan 19 '18 at 21:25
  • @FunkFortyNiner I hadn't heard of those until you just mentioned them. I just looked them up and I'm going to use them now – DMop Jan 19 '18 at 21:28

1 Answer

You are not concatenating the data, you need to use . to add data to a string:

    $result = mysqli_query($conn, "SELECT name, email FROM logins where name='" . $loginname . "' and password='" . $loginpassword . "'");

But you shouldn't concatenate variables to a query because that will open you to SQL injection attacks.

Check "How can I prevent SQL injection in PHP?"

Spoody
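The prepared-statement approach suggested in the comments and in the answer, as an added example that is not part of the original question or answer. The function name `verify_login` is hypothetical, and the code assumes the `password` column of `logins` holds a `password_hash()` value rather than the plain password.

```php
<?php
declare(strict_types=1);

/**
 * Added example: look up a login with a prepared statement.
 * Assumption: logins.password stores a password_hash() value.
 * Returns ['name' => ..., 'email' => ...] on success, null on any failure.
 */
function verify_login(mysqli $conn, string $loginname, string $loginpassword): ?array
{
    // The SQL text is fixed; user input travels separately as a bound parameter,
    // so quotes in $loginname can never change the structure of the query.
    $stmt = $conn->prepare('SELECT name, email, password FROM logins WHERE name = ? LIMIT 1');
    if ($stmt === false) {
        error_log('prepare failed: ' . $conn->error);
        return null;
    }

    $stmt->bind_param('s', $loginname);
    if (!$stmt->execute()) {
        error_log('execute failed: ' . $stmt->error);
        $stmt->close();
        return null;
    }

    // bind_result/fetch works with or without the mysqlnd driver.
    $stmt->bind_result($name, $email, $hash);
    $found = $stmt->fetch();   // true = row fetched, null = no row, false = error
    $stmt->close();

    // Same answer for "no such user" and "wrong password".
    if ($found !== true || !password_verify($loginpassword, (string) $hash)) {
        return null;
    }
    return ['name' => $name, 'email' => $email];
}

// Usage with the question's variables ($conn is the open mysqli connection).
if (isset($conn, $loginname, $loginpassword)) {
    $user = verify_login($conn, $loginname, $loginpassword);
    if ($user === null) {
        echo 'invalid user';
    } else {
        session_start();               // must run before any output is sent
        session_regenerate_id(true);   // issue a fresh session id after login
        $_SESSION['user'] = $user['name'];
        echo 'successful login';
    }
}
```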