Hi, I keep getting thrown this error, ‘You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘‘users’WHERE’emails’=‘[email protected]’AND’password’=‘test’’ at line 1’ and I cant seem to find or devise a solution, the entire code this applies to is:
if($_SERVER[“REQUEST_METHOD”] == “POST”); {
// username and password sent from form
if(isset($_POST[‘email’])){
$email = mysqli_real_escape_string($dbhandle,$_POST[‘email’]);
}
if(isset($_POST[‘password’])){
$mypassword = mysqli_real_escape_string($dbhandle,$_POST[‘password’]);
}
//sql match if password and email are the same
$br = "SELECT'accountID'FROM'users'WHERE'emails'='".$email."'AND'password'='".$mypassword."'";
$result = mysqli_query($dbhandle,$br) or die(mysqli_error($dbhandle));
$row = mysqli_fetch_array($result, MYSQLI_ASSOC)or die(mysqli_error($dbhandle));
$totNumRow=mysqli_num_rows($result)or die(mysqli_error($dbhandle));
if($totNumRow >0)
{
echo("success");
header("location: welcome.php");
}
else{
echo("login failed");
}
}
Any help is appreciated, also, I know this is currently vulnerable to sql injection but i need to sort this so went to basics - Thanks in advance ;D