Whats wrong with this query? Using ands

61 Views Asked by At

I've got no errors, nothing, but for some reason my page is blank, thanks to this:

$userBusca = mysqli_query($conn, "SELECT * FROM account.login_admin WHERE login='".$login."' AND password='".$password."' AND key='".$key_load."'") or die(mysql_error());

The login and password are froma form, and the key_load is a string from a text file.

Is there anythin wrong with this?

EDIT: everything works without the key='".$key_load."'

1

There are 1 best solutions below

3
On BEST ANSWER

AND key

wrap it in ticks

AND `key`

Or rename it to something else, like the_key, but don't try keys because that too is a MySQL reserved word.

You're also mixing APIs with mysql_error() which should be mysqli_error($conn)

  • Those different MySQL APIs/functions do not intermix with each other.

Also, am hoping you are storing a safe hash.

If not:

For password storage, use CRYPT_BLOWFISH or PHP 5.5's password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack.