-6

I'm getting an error as per the title, on line 14. I'm very new to php, I login and this code throws an error on logging in to the index page. I am able to login though (not too sure how).

<?php
include 'functions.php';
include_once("config.php");
session_start();
if(!isset($_SESSION["email"])){
  header("location: login.php");
  exit();
}
$id = preg_replace('#[^0-9]#i', '',$_SESSION["id"]);
$email = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["email"]);
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]);
include "db_connect.php";
$sql=mysql_query("SELECT * FROM 'members' WHERE id - ? LIMIT 1"); // query the person
$existCount=mysql_num_rows($sql); // count the nums
if ($existCount==1){//evaluate the count
  echo "Your login session data is not on record in the database";
  exit();
}
?>
halfer
  • 19,471
  • 17
  • 87
  • 173
suggsy89
  • 1
  • 1

2 Answers2

0

Your SQL Statement is incomplete:

Instead of


    $sql=mysql_query("SELECT * FROM 'members' WHERE id - ? LIMIT 1"); // query the person

use this


    $sql=mysql_query("SELECT * FROM members WHERE id ="."'".$id."'"." and password ="."'".$password."' LIMIT 1"); // query the person

that is ofcourse assuming you are using your password as is (which is not a good idea). You should encode it before storing it in the database.

entrapeneur
  • 36
  • 3
-1

Just correct your query statement like this:

<?php
 $sql = "SELECT * FROM `members` WHERE id = '{$id}' LIMIT 1";
 // `members` can also be simply members only but don't use quotes like ('', or "")
 ?>

Query this statement and you will get yourself out of the problem.
Bit of suggestion mysql_* is officially deprecated, so use mysqli or PDO.

nurakantech
  • 490
  • 4
  • 14