So I'm fairly new to PHP, but I'm trying to create a simple login system.
The problem that I have right now, is that for some reason the second SQL statement fails, or doesn't give anything back.
Here is the code that I use.
include 'dbConn.php';
if(isset($_POST['submit']))
{
global $conn;
$username = $_POST['username'];
$password = $_POST['password'];
$saltSql = "SELECT salt FROM users WHERE email = '$username'";
$saltRes = $conn->query($saltSql);
while($resRow = $saltRes->fetch_assoc()){
$salt = $resRow['salt'];
}
$saltedHash = hash("sha512", ($password . $salt));
$sql = "SELECT email, role, FROM users WHERE email = '$username' AND password = '$saltedHash'";
$res = $conn->query($sql);
if($res->num_rows == 1)
{
//Logged in succesfully
echo "Logged in!";
}
else
{
//Something went wrong
echo "Something went wrong";
}
$conn->close();
}
When I manually try to execute the second query in phpmyadmin I get this error: #1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM users WHERE email = 'username' AND password = '5111109d49bc1' at line 1.
I would really appreciate some help with this.
Your problem seems to be this:
$sql = "SELECT email, role, FROM users WHERE email = '$username' AND password = '$saltedHash'"
--------------------------^
You have an extra comma , that causes crash your SQL query. Remove it and it works:
$sql = "SELECT email, role FROM users WHERE email = '$username' AND password = '$saltedHash'"