<?php ob_start(); $server="myserver"; $db="mydb"; $user="dbusername"; $password=""; $msconn=mssql_connect($server,$user,$password,$db); $dbselect=mssql_select_db($db,$msconn); if($dbselect) { echo "DB Selected"; } if (isset($_POST['submit'])) { if (empty($_POST["userid"])) { $un_error = "<p class='error'>You didn't write a username</p>"; } else { $un_error = ""; } if (empty($_POST["password"])) { $up_error = "<p class='error'>Please fill in the password field</p>"; } else { $up_error = ""; } } if ((isset($_POST["userid"])) && (isset($_POST["password"])) && $un_error == "" && $up_error == "") { $logUser= $_POST["userid"]; $logPassword=$_POST["password"] ; $querry="SELECT * from UserData where UserName=".$logUser."and Password=".$logPassword; echo $querry; $result=mssql_query($querry,$msconn); if(!$result) { die("Error"); } //header('Location:Logged.php'); } whts the problem m gettin sum error which says severity 15 and error near Password frustated
Try changing this: $querry="SELECT * from UserData where UserName=".$logUser."and Password=".$logPassword; to: $querry="SELECT * from UserData where UserName = '".$logUser."' and Password = '".$logPassword."'"; Another thing you need to address is that this script is completely open to SQL injection - http://shiflett.org/articles/sql-injection. You need to sanitize any GET or POST variables before allowing them to be inserted into a query.