CODEWITHSUNDEEP
mysql
Atif
Atif

Reputation: 77

Issue in Query. Not working

<?php
        echo "Hello test <br>";
        $userid = $_GET['userid'];
        echo "your user userid is " . $userid . " &";
        $salt = $_GET['salt'];
        echo " your user salt is " . $salt;
        // Query for finding the data from db
        // Issue in query
        $sql = "SELECT * FROM test.test where id=" .$userid AND "salt=".$salt;
        echo "<br>" . $sql;
        $result = $conn->query($sql);
        if (!empty($result)) 
        {         
            echo "<br>Result Found";
        } 
        else 
        {
            echo "<br> Invalid link !";
        }
        // }
?>

My Query is not working properly. If I reduce my query to id=".$userid it works properly but if I add remaining portion its not working.

Upvotes: 0

Views: 47

Answers (3)

Sagar Panda
Sagar Panda

Reputation: 561

$sql = "SELECT * FROM sauberlux_com.tbl_b2cuser where id = $userid AND salt = '$salt' ";

Also you can refer here for sql injection

Upvotes: 0

It&#39;s Hamlet
It&#39;s Hamlet

Reputation: 1

$sql = "SELECT * FROM sauberlux_com.tbl_b2cuser where id = $userid AND salt = $salt";

Try it.

Upvotes: 0

michelem
michelem

Reputation: 14590

The $sql line should be:

$sql = "SELECT * FROM sauberlux_com.tbl_b2cuser where id=".$userid." AND salt=".$salt;

Upvotes: 1

Related Questions