I am trying to perform a SQL query in PHP using HEREDOC form. While the single-line form works properly, the same kind of thing does not work in the HEREDOC form.
This is the HEREDOC code I am attempting to use:
$sql = <<<SQL
SELECT *
FROM `users`, `passwords`
WHERE users.User_id = passwords.User_id
AND {$formusername} = users.User_name
AND {$formpassword} = passwords.User_password
SQL;
The above statement returns 0 rows when I know that the values I supply through my form should yield at least 1 row. Further, I know that the issue is in the AND statements because removing them yields rows. I suspect that it's the way I am writing the variables in the statement that is causing the issue.
The below syntax works properly:
$sql = 'SELECT * FROM users, passwords WHERE users.User_id = passwords.User_id AND "'.$formusername.'" = users.User_name AND "'.$formpassword.'" = passwords.User_password';
1 row is correctly returned for the values I supply through the HTML5 form.
What is wrong with my HEREDOC syntax?
Edit: I know that I should use prepared statements to avoid SQL injection. This is just a small example for class and I need the HEREDOC form to work.
Try this:
$sql = <<<SQL
SELECT *
FROM `users`, `passwords`
WHERE users.User_id = passwords.User_id
AND "{$formusername}" = users.User_name
AND "{$formpassword}" = passwords.User_password
SQL;
The issue is the missing quotes(") in the variables, like just {$formusername} instead of "{$formusername}". Hope that fixes the issue.