RE: User Logon Procedure Fails

[Michael Mason]

I still get an error and think this line is to blame:   AND password=UserPassword('$_POST[TXT_UserPassword]')";   I’ve changed it to:   AND UserPassword=('$_POST[TXT_UserPassword]')";   And I still get erros but further down the code. I’ll work through those.   BTW: didn’t know that “password” was a reserved word… oops…!     Michael Mason Business Support Services Arras® People   Tel: 01706 342310 Mobile: 07793 782287 Fax: 01706 642754 Member of the Recruitment Employment Confederation (00052055) The views expressed in this mail are entirely those of the sender, and do not necessarily represent the views or position of Arras Services Ltd. The information contained in this communication is confidential and may be legally privileged. It is intended solely for the use of the individual or entity to whom it is addressed and others authorised to receive it. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in relation to the contents of this information is strictly prohibited and may be unlawful. Neither the sender nor the represented institution is liable for the correct and complete transmission of the contents of this e-mail, or for its timely receipt.   From: Michael Mason [mailto:[EMAIL PROTECTED]] Sent: 04 July 2004 13:19 To: MySQL Mailing List Subject: User Logon Procedure Fails   Another day another problem. This time it appears that users are able to enter their details but I get a query execution error with the following section of code: /* Verify Login */   $sql = "SELECT UserFirstName,UserID,UserPassword FROM RegisteredMembers   WHERE UserID='$_POST[TXT_UserID]'";   $result = mysql_query($sql) or die ("couldn't select database");   $num = mysql_num_rows($result);   if ($num == 1)     //Login Name Was Found   {    $sql = "SELECT UserID FROM RegisteredMembers       WHERE UserID='$_POST[TXT_UserID]'         AND password=UserPassword('$_POST[TXT_UserPassword]')";    $result2 = mysql_query($sql) or die("Couldn't execute query #2."); The next to last line is bugging me though. "AND password= etc. because I have a variable declared earlier in the logon page for TXT_UserPassword and the UserPassword column exists but where in the hell is "password"...? Is this another of MySQLs "on the fly" variables...?     Michael Mason Business Support Services Arras® People   Tel: 01706 342310 Mobile: 07793 782287 Fax: 01706 642754 Member of the Recruitment Employment Confederation (00052055) The views expressed in this mail are entirely those of the sender, and do not necessarily represent the views or position of Arras Services Ltd. The information contained in this communication is confidential and may be legally privileged. It is intended solely for the use of the individual or entity to whom it is addressed and others authorised to receive it. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in relation to the contents of this information is strictly prohibited and may be unlawful. Neither the sender nor the represented institution is liable for the correct and complete transmission of the contents of this e-mail, or for its timely receipt.