StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
text
Body
copied!<p>There are a few obvious issues here: </p> <ol> <li>You are using <code>mysql_*</code> methods, where you should use MySQLi instead.</li> <li>You are not ensuring that your included strings in your SQL queries are sanitised, therefore opening yourself up for SQL injections.</li> <li>Your keys for arrays should be strings, which means put them in single quotes.</li> <li>Switching from <code>mysql_fetch_array</code> to <code>mysql_fetch_assoc</code> will return half of the amount of data, but still work the same - no need to increase the memory usage for no reason.</li> <li>Use backticks (`) to denote your table and column names, this helps keep your SQL neat, but also avoids any potential conflicts with reserved words etc.</li> </ol> <p>So ultimately things like: </p> <pre><code>$row[UserID]; </code></pre> <p>Should be turned into: </p> <pre><code>$row['UserID']; </code></pre> <p>Same for where you use <code>$_SESSION</code>, <code>$_POST</code> or other arrays in your code.</p> <p>Also, be sure to take a look at <a href="http://codular.com/php-mysqli" rel="nofollow">this tutorial</a> on MySQLi, especially also the part on escaping strings!</p> <p><strong>Edit</strong>:</p> <p>You are using declarations within your <code>if</code> statements, instead of comparisons: </p> <pre><code>if (($username=$row[Username])&&($password=$row[Password])) </code></pre> <p>Should be: </p> <pre><code>if (($username==$row[Username])&&($password==$row[Password])) </code></pre> <p>Double check all of your <code>if</code> statements.</p>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload