hi i'm working on codeigniter for now.and i got some problem with the user login system.

basically user can login using his/her email address, and then the login system will retrieve the user corresponding "username" base on the email address entered.This username will then be stored as session and will going to be used for all of the user's activities on the site.

So, for login system, after the user has entered the details of his own, the validate_credentials() function will be called :

function validate_credentials()
	{
		$this->load->model('membership_model');
		$query = $this->membership_model->validate();

		if($query) // if the user's credentials validated...
		{
                     $sql = $this->db->query("SELECT * FROM membership WHERE email_address=".$this->input->post('email'));
		    if ($sql->num_rows() > 0)
                    {
                    $row = $query->row_array();
                    $username = $row['username'];
                    }

                     $data = array(
				'username' => $username,
                                'is_logged_in' => true
			);
			$this->session->set_userdata($data);
			redirect('site/home/'.$username);
		}
		else // incorrect username or password
		{
			$this->index();
		}
	}

and this function will interact with the validate() method in the membership_model to check weather or not the details entered is correct.this is the validate() method :

function validate()
	{
		$this->db->where('email_address', $this->input->post('email'));
		$this->db->where('password', md5($this->input->post('password')));
		$query = $this->db->get('membership');

		if($query->num_rows == 1)
		{
			return true;
		}

	}

i get this error when try to login :

A Database Error Occurred

Error Number: 1064

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@yahoo.com' at line 1

SELECT * FROM membership WHERE email_address=test_email@yahoo.com

Filename: C:\xampp\htdocs\project\system\database\DB_driver.php

Line Number: 330


So whats the mistake that i have done?any helps guys?
thanks :)

try putting single quotes around the email address. Also, make sure that you are at least using mysql_real_escape_string for all human interaction into the database.

yeah try putting quotes in the value of email address so that the query will treat it as the value of the field email_address..

it didnt work..plus i believe this is not the problem for this..

Error number 1064 is a syntax error. The only syntax error that you have in that query is trying to pass a string as an integer. Mysql has no idea how to parse that query without single quotes around your strings. Sure, it just might possibly work in some cases but mysql doesn't know what to do with that particular string.

Error number 1064 is a syntax error. The only syntax error that you have in that query is trying to pass a string as an integer. Mysql has no idea how to parse that query without single quotes around your strings. Sure, it just might possibly work in some cases but mysql doesn't know what to do with that particular string.

Ouh..but where should i put those quotes? is it this what you meant? :

$sql = $this->db->query("SELECT * FROM membership WHERE 'email_address'=".$this->input->post('email'));

if it it like this, unfortunately it turns out to be another systax error
that i got :(

like this:

$sql = $this->db->query("SELECT * FROM membership WHERE email_address='".$this->input->post('email')."'");

yeah R0bb0b is correct..... so that the query will treat the email address value as a string.....
php Syntax (Toggle Plain Text)
$sql = $this->db->query("SELECT * FROM membership WHERE email_address='".$this->input->post('email')."'");

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.