Syntax error in PHP login page query

Question

I am trying to make a PHP login page that checks weather the user entered details are in the database but it returns the following error:

Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'SLEECT * FROM users where username = NULL AND password = NULL' at line 1 in C:\xampp\htdocs\sign\login.php:18 Stack trace: #0 C:\xampp\htdocs\sign\login.php(18): PDOStatement->execute() #1
C:\xampp\htdocs\sign\login.php(31): SignIn() #2 {main} thrown in C:\xampp\htdocs\sign\login.php on line 18

What am I doing wrong and how can I fix it?

<?php  
include('connection.php');
$username =$_POST['username'];
$password = $_POST['password'];
if($username == '') {
$errmsg_arr[] = 'You must enter your Username';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'You must enter your Password';
$errflag = true;
}
function SignIn(){
global $connection;
$search = $connection->prepare("SLEECT * FROM users where username = 
:username AND password = :password");
$search->bindParam(':username',$username);
$search->bindParam(':password',$password);
$result = $search->execute();
$count = $result->rowcount();
if($count> 0)
{
    $_SESSION['username'] = $_POST['username'];
    echo "welcom to the page ";
}
else{
    echo "wron email or password";
}
}
if(isset($_POST['submit']))
{
SignIn();
}
?>

the code written in connection.php is

<?php
try{
$connection = new PDO('mysql:host=localhost;dbname=signup;charset=utf8mb4', 
'root', '');
$connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}catch(PDOException $err){
echo $err->getMessage();
die();
}
?>

the HTML code written is

<html>
<body>
<form method="POST" action="login.php">
<b>Enter your username: </b><br>
<input type="text" name="username"><br>
<b>Enter your password: </b><br>
<input type="password" name ="password"><br>
<input type="submit" name="submit">
</form>
</body>
</html>

Possible duplicate of [Reference - What does this error mean in PHP?](https://stackoverflow.com/questions/12769982/reference-what-does-this-error-mean-in-php) — nyedidikeke, Jul 08 '17 at 03:58

score 0 · Answer 1 · answered Jul 08 '17 at 04:07

0

You get error message like this because you call variables not defined $username and $password inside SignIn() function. That's why, the query will treat them as null.

Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'SLEECT * FROM users where username = NULL AND password = NULL' at line 1 in

You can pass it on function defenition

function SignIn($username, $password)

Then please check the $_POST["submit"] first, then validate the username & password and call SignIn($username, $password)

if(isset($_POST['submit']))
{
    $username = $_POST['username'];
    $password = $_POST['password'];
    $errflag  = false;
    if($username == '') {
       $errmsg_arr[] = 'You must enter your Username';
       $errflag = true;
    }

    if($password == '') {
       $errmsg_arr[] = 'You must enter your Password';
       $errflag = true;
    }

    if ($errflag == false) {
       SignIn($username, $password);
    }
}

answered Jul 08 '17 at 04:07

Dolly Aswin

2,684
1
20
23

I have tried the above change but previosly I have entered my username as 'john' and password as 'america' theese are also in my database but when I press login I received the fallowing error – Jul 08 '17 at 04:23
Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'SLEECT * FROM users where username = 'john' AND password = 'america'' at line 1 in C:\xampp\htdocs\sign\login.php:27 Stack trace: #0 C:\xampp\htdocs\sign\login.php(27): PDOStatement->execute() #1 C:\xampp\htdocs\sign\login.php(19): SignIn('john', 'america') #2 {main} thrown in C:\xampp\htdocs\sign\login.php on line 27 – Jul 08 '17 at 04:24
and line 27 is this statement - $result = $search->execute(); – Jul 08 '17 at 04:25
Your sql is typo. `SLEECT * FROM users where username = NULL AND password = NULL`. This is should be `SELECT` not `SLEECT` – Dolly Aswin Jul 08 '17 at 04:25
Edit your comment . at the end SELECT not SELECT @DollyAswin – JYoThI Jul 08 '17 at 04:28

JYoThI · Accepted Answer · 2017-07-08T05:05:02.200

0

1ST : SLEECT spelling is SELECT

2ND : Follow the dolly aswin suggested steps .

if(isset($_POST['submit']))
{
    ......
}

3RD : rowcount() should be rowCount() . c should be caps.

4TH : you need to get the rowcount from statement .not from Boolean value $result only contains Boolean value true or false

 $count = $result->rowCount();

change to

$count = $search->rowCount();

edited Jul 08 '17 at 05:05

answered Jul 08 '17 at 04:26

JYoThI

11,977
1
11
26

yes I have done it thankyou but it gives an another error I have even passed the variables $username and $password into the function SignIn() but I received the fallowing error --- Fatal error: Uncaught Error: Call to a member function rowcount() on boolean in C can you please help me out – Jul 08 '17 at 04:38
the entire error is --- Fatal error: Uncaught Error: Call to a member function rowcount() on boolean in C:\xampp\htdocs\sign\login.php:28 Stack trace: #0 C:\xampp\htdocs\sign\login.php(19): SignIn('john', 'america') #1 {main} thrown in C:\xampp\htdocs\sign\login.php on line 28 – Jul 08 '17 at 04:38
@Ram use `rowCount()` instead of `rowcount()` – Dolly Aswin Jul 08 '17 at 04:40
yeahs c should be caps – JYoThI Jul 08 '17 at 04:41
thankyou for the answer but even if the 'c' is cpital in rowCount() it return the same error in the fallowing way --- Fatal error: Uncaught Error: Call to a member function rowCount() on boolean in C:\xampp\htdocs\sign\login.php:28 Stack trace: #0 C:\xampp\htdocs\sign\login.php(19): SignIn('john', 'america') #1 {main} thrown in C:\xampp\htdocs\sign\login.php on line 28 – Jul 08 '17 at 04:44
I think your query failing due to some reason try to use try catch black try { $search->execute();} catch(PDOException $e){echo $e->getMessage();} – JYoThI Jul 08 '17 at 04:46
change this line $count = $search->rowCount(); – JYoThI Jul 08 '17 at 04:50
@JYoThI it is finally got working but can you please explain the difference when my code is ----- $result = $search->execute(); $count = $result->rowCount(); it did not work but when the code is ---- $search->execute(); $count = $search->rowCount(); it got worked may I know what is difference between both of them?? – Jul 08 '17 at 05:01
$result=$search->execute(); here $search->execute(); it will return true or false . so $result only contains true or false only . you cant fetch the rowcount form those boolean values . you need to get the rowcount from statement i.e $search . did you got it ? @Ram – JYoThI Jul 08 '17 at 05:04
@JYoThI and Dolly Aswin thankyou for the explanation and helping me solving this issue – Jul 08 '17 at 05:10

Syntax error in PHP login page query

2 Answers2