MySQL error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1
Code (PHP)
<html>
<head>
<title>ThaiCreate.Com Tutorials</title>
</head>
<body>
<?php
$DBServer = 'mysql.hostinger.in.th';
$DBUser = 'u765040348_neu';
$DBPass = 'baitong8503';
$DBName = 'u765040348_neu';
$conn = new mysqli($DBServer, $DBUser, $DBPass, $DBName);
mysqli_query($conn,"set names tis620");
$username = $_POST['txtUsername'];
$toemail = $_POST['txtEmail'];
$sql = "SELECT * FROM user WHERE user_name = $username OR user_email = $toemail ";
$result = mysqli_query($conn,$sql) or die("MySQL error: " . mysqli_error($conn) . "<hr>\nQuery: $sql");
$data = mysqli_fetch_array($result);
if(!$data)
{
echo "Not Found Username or Email!";
}
else
{
echo "Your password send successful.<br>Send to mail : ".$data["user_email"];
$strTo = $toemail;
$strSubject = "Your Account information username and password.";
$strHeader = "Content-type: text/html; charset=windows-874\n"; // or UTF-8 //
$strHeader .= "From: [email protected] \nReply-To: [email protected] ";
$strMessage = "";
$strMessage .= "Welcome : ".$data["user_fname"]."<br>";
$strMessage .= "Username : ".$data["user_name"]."<br>";
$strMessage .= "Password : ".$data["user_password"]."<br>";
$strMessage .= "=================================<br>";
$strMessage .= "ThaiCreate.Com<br>";
$flgSend = mail($strTo,$strSubject,$strMessage,$strHeader);
}
?>
</body>
</html>
Tag : PHP, MySQL, HTML/CSS, JavaScript, Ajax, jQuery
Date :
2016-06-06 13:09:15
By :
settachai
View :
2708
Reply :
2
เอาแบบง่ายๆก่อนน่ะครับ
Code (PHP)
$sql = "SELECT * FROM user WHERE user_name = '$username' OR user_email = '$toemail' ";
อย่าลืมว่ามันเป็น string ให้ใส่ ' ครอบไปด้วย
Date :
2016-06-06 13:55:03
By :
mangkunzo
ถ้าไม่อยากโดน sql injection
15.$username = $_POST['txtUsername'];
16.$toemail = $_POST['txtEmail'];
เปลี่ยนเป็น
Code (PHP)
15.$username = $conn->real_escape_string($_POST['txtUsername']);
16.$toemail = $conn->real_escape_string($_POST['txtEmail']);
Date :
2016-06-06 15:32:04
By :
Chaidhanan
Load balance : Server 04