₦airaland Forum

Please what could possibly be wrong with this function. I've been constantly getting this error "Database query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '='' AND password='' LIMIT 1' at line 1". Your kind comments will be of great assistance.

public static function authenticate($username="", $password=""{
	   global $database;
	   $username = $database->escape_value($username);
	   $password = $database->escape_value($password);
	   $sql  = "SELECT * FROM users";
	   $sql .= "WHERE username='{$username}' ";
	   $sql .= "AND password='{$password}' ";
	   $sql .= "LIMIT 1";
	   
	   $result_array = self::find_by_sql($sql);
      
	   return !empty($result_array)? array_shift($result_array) : false;
	 }

public static function authenticate($username="", $password=""{
	   global $database;
	   $username = $database->escape_value($username);
	   $password = $database->escape_value($password);
	   $sql  = "SELECT * FROM users ";///////////space here////////////////
	   $sql .= "WHERE username='{$username}' ";
	   $sql .= "AND password='{$password}' ";
	   $sql .= "LIMIT 1";
	   
	   $result_array = self::find_by_sql($sql);
      
	   return !empty($result_array)? array_shift($result_array) : false;
	 }

From the error;

'='username_is_supposed_to_be_here' AND password='password_is_supposed_to_be_here' LIMIT 1' at line 1"


So check whether you're actually substituting the variables

SORRY I AM NOT AN OOP EXPECT. BUT THIS WILL SOLVE THE ISSUE.

===================================================================================

function  authenticate($username,$password){

$con=mysql_connect(HOST,USER,PASSWORD) or die("System busy, try again later" ) ;
mysql_select_db(DATABASE) or die("Kindly wait some minutes, and try again later" ) ;
						
$query="SELECT * FROM users WHERE username='{$username}' AND password='{$password}' LIMIT 1";
$sendQuery=mysql_query($query) or die("Please try again later" ) ;

if($outCome=mysql_fetch_assoc($sendQuery)){
 /// database output you can add more.

$username_databate_details=$outCome['username_databate_details'];
$name_databate_details=$outCome['name_databate_details'];
$address_databate_details=$outCome['address_databate_details'];

return true; 					
}
else
{
return false;
}

}

===================================================================================

/// to use the function

if (authenticate($username,$password) == true) {

//do anything you want
}

NOTE:
I HOPE YOU UNDERSTAND THAT YOU HAVE TO SANITIZE YOUR INPUT AND ALSO PROTECT YOUR OUTPUT AGAINST XSS ATTACK

OOP APPROACH

public static function authenticate($username="", $password="" ) {
global $database;
$username = $database->escape_value($username);
$password = $database->escape_value($password);
$result_array = self::find_by_sql("SELECT * FROM users WHERE username='{$username}' AND password='{$password}' LIMIT 1" );
return !empty($result_array) ? array_shift($result_array) : false;
}


NOTE: THIS IS NOT THE BEST WAY TO VERIFY USERNAME AND PASSWORD.

I CAN SEE YOU ARE DOING THIS BECAUSE YOU ARE STORING THE PASSWORD IN PLAIN TEXT OR YOU HASH THE PASSWORD BUT DO NOT USE A SALT.