0

I believe my PHP to be functioning perfectly, therefore I think it's a query error. When I proceed, with form details stored in the session... it happily returns my Posted information but doesn't seem to be pulling anything from my database - there is a row in my database containing the email address I am using. Does anybody see anything blatantly wrong with this PHP?

Thanks for your help.

<?php
session_start();
$servername = "localhost";
$username = "privatedbroot";
$password = "not4ulol";
$dbname = "pdb_inventory";
$status = $_GET["action"];
$_SESSION["Cemail"] = $_POST["CEMAIL"];
$_SESSION["Access"] = md5($_POST["ACCESS"]);
$conn = new mysqli($servername, $username, $password, $dbname);


    $sql = "SELECT CEMAIL, ACCESS FROM POPU WHERE `CEMAIL`= ".$_SESSION['Cemail'];
    echo $sql;
    $result = $conn->query($sql);
    if ($result->num_rows > 0) {
        while($row = $result->fetch_assoc()) {
            if ($_SESSION["Access"] == $row["ACCESS"]){
                echo "password correct!";
            } else {
                echo "password wrong!";
            }
        }
    }else{
        echo "ur email is wrong m8.";
    }
?>
William
  • 146
  • 3
  • 12
  • 1
    Use `'` around your session variable in the query string. – Prerak Sola Aug 21 '15 at 15:18
  • 1
    Your code contains many syntax errors. Consult these following links http://php.net/manual/en/mysqli.error.php and http://php.net/manual/en/function.error-reporting.php and apply that to your code. – Funk Forty Niner Aug 21 '15 at 15:19
  • You are vulnerable to [sql injection attacks](http://bobby-tables.com) – Marc B Aug 21 '15 at 15:20
  • 1
    @MarcB reserved word, which one? – Funk Forty Niner Aug 21 '15 at 15:21
  • 1
    poop. it's actually "accessible" for the reserved word. doh... and... interesting... I flagged for re-open and it immediately did. guess that's another perk for the auto-close stuff. – Marc B Aug 21 '15 at 15:22
  • @MarcB *You're forgiven* ;-) The reopen can be done by any gold member, no need to flag it if you're gold. Just hit "reopen" ;-) yeah... cool feature on the flag. – Funk Forty Niner Aug 21 '15 at 15:23
  • @MarcB we can delete our comments now, unless you still want 'em ;-) – Funk Forty Niner Aug 21 '15 at 15:24
  • 1
    I'll just let my mistake hang out there. time to wear a hairshirt for a while. – Marc B Aug 21 '15 at 15:25
  • @MarcB I had to go look and see where you may have thought `ACCESS` was a reserved word. Like Jay (answer below if not deleted yet) and [as per my comment to him](http://stackoverflow.com/questions/32143912/php-my-select-isnt-working#comment52177975_32143967) have experience with Oracle. Yeah.. it is in Oracle http://docs.oracle.com/cd/B19306_01/em.102/b40103/app_oracle_reserved_words.htm - I think that mystery's been solved ;-) – Funk Forty Niner Aug 21 '15 at 15:38
  • Please do not do your login like that, I get headache from that.. use those functions: http://php.net/manual/en/ref.password.php – inetphantom Aug 21 '15 at 15:39

1 Answers1

0

Try this: 

$cemail = $_SESSION['Cemail'];
$sql = "SELECT CEMAIL, ACCESS FROM POPU WHERE `CEMAIL`= '$cemail'";
DirtyBit
  • 16,613
  • 4
  • 34
  • 55