May 10, 2011 at 4:10 am
Don't know if this is the right section of the Forum to post this but...
I have built a web site for a client who wants to be able to update one of the pages herself. I have set up a database on serverside and all the php pages on the site. However, in orewder to password protect this access to the database I have made a login.php page. When I try to use this page by inserting the username and password it takes me to an error page that tells me: Unknown column 'username' in 'field list'
The code on the login.php page that refers to this is:
$LoginRS__query=sprintf("SELECT username, password FROM `comments` WHERE username=%s AND password=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
The table is called 'comments' but I have no idea how to put a username and password field with the login details into the table so that it will refer to it and allow access.
I'm really new to this and would be grateful of any help anyone could give me. Please excuse me if I have not inserted enough detail here but really don't know what else may be required to help get an answer
Nick
May 10, 2011 at 6:04 am
What database engine?
Php is usually used with MySQL, not SQL Server.
If it is SQL Server, we're at minimum going to need to see the table structure.
If it's MySQL, you're more likely to get good help over at the MySQL forums - http://forums.mysql.com/
No offence, but your code is vulnerable to SQL injection and has serious security flaws (storing password plain text, passing passwords plain text among others). i would strongly suggest if this is for a paying client, consult a security professional and get some assistance.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
May 10, 2011 at 6:51 am
Many thanks - will do
Nick
Viewing 3 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply