-1

Not sure how to do the concatenation within PHP; username and password are strings

    $query = "SELECT id, username";
    $query .= "FROM users ";
    $query .= "WHERE username = '{$username}'";
    $query .= "AND hashed_password = '{$hashed_password}'";
    $query .= "LIMIT 1";

I also tried this:

    $query .= "WHERE username =" . $username;
    $query .= "AND hashed_password =" . $hashed_password

Where exactly am I failing..? Might be a stupid question... but I'm a php newb.

Karuw
  • Put spaces in between! Your query is at the moment: `"SELECT id, usernameFROM users WHERE username = '{$username}'AND hashed_password = '{$hashed_password}'LIMIT1` And I don't think you have a table called: `usernameFROM` – Rizier123 May 03 '15 at 19:51
  • You must add spaces between your strings. – Sergio Vilchis May 03 '15 at 19:52

2 Answers

1

You're on the right track but as the comments say, remember to think about the spaces when concatenating:

    $query = "SELECT id, username ";
    $query .= "FROM users ";
    $query .= "WHERE username = '$username' ";
    $query .= "AND hashed_password = '$hashed_password' ";
    $query .= "LIMIT 1";

That said, you should also look into preventing SQL injection. See this SO question: How can I prevent SQL injection in PHP?

Community
Emil Ingerslev
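The prepared-statement approach the answer above points to, as an added example that is not part of the original answer: it runs the same lookup once with concatenation and once with PDO bound parameters, using a username that contains an apostrophe. The in-memory SQLite database, the table contents and the function names are constructed for illustration, and the pdo_sqlite extension is assumed to be available.

```php
<?php
// Constructed schema and data; in-memory SQLite so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, hashed_password TEXT)");
$pdo->exec("INSERT INTO users (username, hashed_password) VALUES ('o''brien', '48949fufu488494')");

// Hypothetical helper: builds the query by concatenation, as in the answer.
// The input becomes part of the SQL text, so a quote in it changes the statement.
function find_user_concat(PDO $pdo, string $username, string $hashed_password): ?array
{
    $query  = "SELECT id, username ";
    $query .= "FROM users ";
    $query .= "WHERE username = '$username' ";
    $query .= "AND hashed_password = '$hashed_password' ";
    $query .= "LIMIT 1";
    try {
        $row = $pdo->query($query)->fetch(PDO::FETCH_ASSOC);
        return $row ?: null;
    } catch (PDOException $e) {
        // The apostrophe ends the string literal early and the statement no longer parses.
        echo "concatenated query failed: ", $e->getMessage(), "\n";
        return null;
    }
}

// Hypothetical helper: same lookup with bound parameters.
// The SQL text is fixed; the values are sent separately and are never parsed as SQL.
function find_user_prepared(PDO $pdo, string $username, string $hashed_password): ?array
{
    $stmt = $pdo->prepare(
        "SELECT id, username FROM users
         WHERE username = :username AND hashed_password = :hashed_password
         LIMIT 1"
    );
    $stmt->execute([':username' => $username, ':hashed_password' => $hashed_password]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

var_dump(find_user_concat($pdo, "o'brien", '48949fufu488494'));
var_dump(find_user_prepared($pdo, "o'brien", '48949fufu488494'));
```

With bound parameters the spacing problem from the question also disappears for the values, because no quoting or joining of user input happens in PHP.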
0

Description: As per your code, the query result is like this:

    SELECT id, usernameFROM users WHERE username = 'admin'AND hashed_password = '48949fufu488494'LIMIT 1

So what happens here is that you need to put a space at the end of each $query string; otherwise the strings are concatenated directly and it changes your $query (username FROM users, whereas according to your query it is usernameFROM users). Below is the code. Just to show you the right way, I assigned default values to $username and $password. Hope it helps you. Let me know if it works or not. Below is the code:

    <?php

    $username = "admin";
    $hashed_password = "48949fufu488494";
    $query = "SELECT id , username ";
    $query .= "FROM users ";
    $query .= "WHERE username = '{$username}' ";
    $query .= "AND hashed_password = '{$hashed_password}' ";
    $query .= "LIMIT 1";

    echo $query;
    ?>

If you write your code like this, then PHP is going to read it like this, which is the right way:

    SELECT id , username FROM users WHERE username = 'admin' AND hashed_password = '48949fufu488494' LIMIT 1

Akshat Dhiman