For my site there is a login system where you need to log in with your email address, but the problem is that my query gives an error when I start writing my email address whenever I use a point.

Here is my query:

  $sql = "SELECT LeerlingID FROM tblLeerlingen WHERE email = '$myusername' and Wachtwoord = '$mypassword'";
  • You need to quote the strings, like `WHERE email = 'gregoor.maarten.mg@gmail.com' and Wachtwoord = '0dc22c6a909acf658232f6a38e780d7b'` – GMB Apr 05 '19 at 18:08
  • Learn to use parameters! Do not munge query strings with user input. – Gordon Linoff Apr 05 '19 at 18:20
  • but the user needs to fill in the fields to log in @GordonLinoff – Maarten Gregoor Apr 05 '19 at 18:26
  • Nah, he is talking about SQL Injection, you may consider reading this topic: https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – maio290 Apr 05 '19 at 18:29

1 Answer

Simply wrap your strings properly:

  SELECT LeerlingID FROM tblLeerlingen WHERE email = 'gregoor.maarten.mg@gmail.com' and Wachtwoord = '0dc22c6a909acf658232f6a38e780d7b';
maio290
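
The parameterized form that the comments point to, next to the string-built query from the question. This is an added example, not code from the original post or its answers. It assumes PDO with an in-memory SQLite database standing in for the real one; the function names, sample rows and hash values are constructed.

```php
<?php
// Added example: in-memory SQLite stands in for the real database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE tblLeerlingen (LeerlingID INTEGER PRIMARY KEY, email TEXT, Wachtwoord TEXT)");

// Constructed sample rows; one address contains an apostrophe on purpose.
$seed = $pdo->prepare("INSERT INTO tblLeerlingen (email, Wachtwoord) VALUES (?, ?)");
$seed->execute(["jan.de.vries@example.com", "constructed-hash-1"]);
$seed->execute(["o'neill@example.com", "constructed-hash-2"]);

// Hypothetical helper: the question's query with placeholders instead of
// interpolated variables. The values are sent separately from the SQL text.
function findLeerlingId(PDO $pdo, string $email, string $passwordHash): ?int
{
    $stmt = $pdo->prepare(
        "SELECT LeerlingID FROM tblLeerlingen WHERE email = :email AND Wachtwoord = :pw"
    );
    $stmt->execute([':email' => $email, ':pw' => $passwordHash]);
    $id = $stmt->fetchColumn();          // false when no row matches
    return $id === false ? null : (int) $id;
}

// Hypothetical helper: the string-built form from the question, for comparison only.
function findLeerlingIdConcatenated(PDO $pdo, string $email, string $passwordHash): ?int
{
    $sql = "SELECT LeerlingID FROM tblLeerlingen WHERE email = '$email' and Wachtwoord = '$passwordHash'";
    $id = $pdo->query($sql)->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Bound parameters: dots and apostrophes are matched as plain data.
var_dump(findLeerlingId($pdo, "jan.de.vries@example.com", "constructed-hash-1"));
var_dump(findLeerlingId($pdo, "o'neill@example.com", "constructed-hash-2"));
var_dump(findLeerlingId($pdo, "jan.de.vries@example.com", "wrong-hash"));

// Concatenation: the apostrophe ends the string literal early, so the rest of
// the address is parsed as SQL and the statement is rejected.
try {
    findLeerlingIdConcatenated($pdo, "o'neill@example.com", "constructed-hash-2");
} catch (PDOException $e) {
    echo "concatenated query failed: ", $e->getMessage(), "\n";
}
```

With bound parameters the input is never parsed as SQL, so no quoting or escaping of `$myusername` or `$mypassword` is needed in the query text.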