I have a basic login code, where the user enters a username and a password, hits 'Submit', and then a mySQL query checks in the database if the username corresponds to the password.
Here is the query, with 'pseudo' as the username typed by the user and 'mot_de_passe' as the password typed in.
$reponse = $bdd->query('SELECT * FROM user_data WHERE username = '.$_POST['pseudo'].' AND password = '.$_POST['mot_de_passe'].' ');
Without the 'AND...' part, I can check if the username exists, but then when I add the 'AND...' part, the query doesn't work, and the 'AND' is not in the same color as 'SELECT * FROM'and 'WHERE'
I have tried dots, simple quotes, quotes, but nothing changes.
Thanks in advance.
You must use "
or '
about string in SQL
$reponse = $bdd->query('SELECT * FROM user_data WHERE username = "'.$_POST['pseudo'].'" AND password = "'.$_POST['mot_de_passe'].'" ');
And your code can't prevent SQL INJECTION attack.
Please use prepared statement
or bind param
.
Use the below code and check weather it works or not.
$reponse = $bdd->query('SELECT * FROM user_data WHERE username = ' .
$_POST['pseudo'] . ' AND password = ' . $_POST['mot_de_passe'] );
also check your password type stored in your database and try to match that
$reponse = $bdd->query('SELECT * FROM user_data WHERE password = ' .
$_POST['mot_de_passe'] );
if working then check your database keys and match your password spelling and things like that..