[RESOLVED] small query problem (atleast i think so)

iloveyou

<input type="text" name="StaffID"/>
<input type="password" name="Password"/>
<input type ="submit" name ="submit" value="submit"/>

$sid = $_POST["staffid"];
$pass = $_POST["password"];

//connection to database has been opened already
$query = "SELECT * FROM staff";
			$query.= "WHERE staffid = '$sid' AND password = '$pass'";
			$result = mysql_query($query);
			$num = mysql_num_rows($result);
			if($num > 0) {
				session_start();
				$_SESSION["who"] = $sid;
				//$_SESSION["level"] = mysql_result($rs,0,"level");
				header("location: selectview.php");
				}
				else {
					header("location: login.php");
				}

looking at line 2, "$query.= "WHERE staffid = '$sid' AND password = '$pass'";", the error i'm having is that if i was to replace $sid and $pass with something from the database the query works fine and returns a value, but then i put them with $sid and $pass (which are linked to $_POST and the values of them is determined by whats entered into a text box in the form it just dies and stops finding anything. anything you search for doesn't find anything and returns a 0. i've posted as much useful code that can help with this problem but if you need more let me know, thanks in advance to any answers.

devinemke

array indices are case sensitive, thus $POST["staffid"] does not equal $POST["StaffID"]. also, you should really be using [man]mysql_real_escape_string[/man] on your returned form data and use [man]mysql_error[/man] to debug your queries.

iloveyou

 <input type="text" name="StaffID"/>;
<input type="Password" name="Password"/>;

$sid = $_POST["StaffID"];
$pass = $_POST["Password"];

		$query = "SELECT * FROM staff";
			$query.= "WHERE staffid = '$sid' AND password = '$pass'";
			$result = mysql_query($query);
			$num = mysql_num_rows($result);
			if($num > 0) {
				session_start();
				$_SESSION["who"] = $sid;
				//$_SESSION["level"] = mysql_result($rs,0,"level");
				header("location: selectview.php");
				}
				else {
					header("location: login.php");
				}

i fixed it so the cases match yet still, if i put $sid and $pass it doesnt work, but if i put a username / password thats found in the database it works.

iloveyou

Query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= "$sid" AND password = "$pass"' at line 1

iloveyou

Solved it, it was the mysql_error that narrowed down the problem for me plus i had a problem with my IF statements 🙂
thanks!