So I am trying to connect to a MySQL database through PHP. The page is getting form input from an HTML page.
What the program below should do is check if the variable $uName is in my table named UserAccounts. Here is the SQL expression
SELECT * FROM UserAccounts WHERE UserName= '$uName'"
I have tried it with and without the single quotes around uName. Then the code should echo the variable $name. The $name variable should be equal to the column Password2 in my table. Once the SQL works I intend to push this code into an if statement that checks whether or not the account exists. Then the code should redirect to the user homepage.
Any ideas what the problem is?
Also, if you are wondering what the userLogin and userPass variables are, they come from the form. They are the name of the two tags in my HTML form. The password value will eventually be included in the SQL as well.
<?php
echo("<html><head><title>User Sign-Up</title></head>\n");
$dbcnx = mysqli_connect("dbv","uName","pass", "db");
// Check connection
if (!$dbcnx) {
echo( "<P>Unable to connect to the " .
"database server at this time.</P>\n" );
exit();
}
// Escape user inputs for security
$uName = mysqli_real_escape_string($dbcnx, $_REQUEST['userLogin']);
$uPass = mysqli_real_escape_string($dbcnx, $_REQUEST['userPass']);
echo($uName);
$q = mysql_query("SELECT * FROM UserAccounts WHERE UserName= '$uName'");
$r = mysql_fetch_array($q);
$name = $r['Password2'];
echo($name);
?>
