Unknown column 'email' in 'where clause'

Hi folks! I’m new on the forum, thought I’d get some help after I’ve been banging my head against the wall for a couple days trying to get a simple register code to work. I created the following table:
CREATE TABLE users (
id int(11) NOT NULL auto_increment,
username varchar(32) NOT NULL,
password varchar(32) NOT NULL,
email varchar(255) NOT NULL,
name varchar(64) NOT NULL,
aim varchar(16) NOT NULL,
admin int(11) NOT NULL default '0',
time int(15) NOT NULL default '0',
PRIMARY KEY (id)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

And think I set up everything correctly (obviously not), so I keep getting the error unknown column ‘email’ in ‘where clause’. I looked this up on Google and from what I’m reading the user made some mistake setting up the table, however mine should be set up correctly to work with the where clause? Here’s the only where clause having to do with email on my register script:
[php]
if($email){
    $sql2 = "SELECT * FROM users WHERE email='.$email.'";
    $res2 = mysql_query($sql2) or die(mysql_error());

    if(mysql_num_rows($res2) > 0){
        $errors[] = "The e-mail address you supplied is already in use of another user!";
    }
}
[/php]

I guess I’m just confused as to what I did wrong here. Any explanations would be helpful!

Well, $email comes from where? You can’t do if($email), that means that $email is a boolean variable.
If it comes from a posted form, you would get it with something like…
$email=$_POST['email_from_form_fieldname'];

Then, to test it you would use if($email != "") or some other valid compare.
Or, even if(isset($_POST['email_from_form_fieldname'])) to test it before you acquire it…

Then, use your query like this:
$sql2 = "SELECT * FROM users WHERE email='" . $email . "'";
(Note the quotes and double-quotes…)

Good luck…

Hi, thank you very much for your insight! I redid the coding with the isset’s you’ve mentioned, and tried to check each query. However after I register, it says Fatal Error: Cannot redeclare hash()

I know the hash function already comes with php, but I’m a bit confused on how would I create a salt/hash without declaring it? Here’s the entire register script I have, the salts and hashes I added for (supposed, from my readings anyway) better security.

[php]
if($loggedin == '1')
    die("You can't register another account while you're logged in.");

if(isset($_POST['submit']))
{
    $uname = trim($_POST['username']);

    function hash($pass) {
        $hash = hash('sha256', $pass);

        function createSalt()
        {
            $string = md5(uniqid(rand(), true));
            return substr($string, 0, 3);
        }

        $salt = createSalt();
        $hash = hash('sha256', $salt . $hash);
        $uname = mysql_real_escape_string($uname);
    }

    if((!isset($_POST['username'])) || (!isset($_POST['pass']))
    || ($uname == '') || ($_POST['pass'] == ''))
        die("Please fill out the form completely.


Continue");

    $check = @mysql_query("SELECT id FROM players WHERE username = '$uname'");
    $check = @mysql_num_rows($check);

    if($check > 0)
        die("Sorry, that username has already been taken. Please try again.



Continue");

    $pass = md5($_POST['pass']);

    $newPlayer = @mysql_query("INSERT INTO players (username, password, registered) VALUES ('$username','$hash','$salt')") or die("Error: ".mysql_error());

    echo 'You have been registered! You may now Log in.';

}
else
{

    echo '
Username:

Password:

';

}
[/php]

That’s an easy one…

You created a FUNCTION called “hash” !

Then, later you used that name again as a string “$hash” !

I don’t think you can do that…

(So, $hash = hash(blah blah blah) is invalid…)
(But, $salt = createsalt(blah blah blah) is okay )

Hope that helps… (I will be gone for a few hours. Will check in on you when I get back!)

Thanks, that did the trick! However it was brought to my attention that the hash & salts are a bit weak security-wise, and someone suggested bcrypt for hashing passwords instead. So unless you’d like to help assist me with that, I’m off to research some more and see if bcrypt lives up to the hype (and eventually ask a couple questions on the security board here). You’ve been a great help, thanks ErnieAlex!
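
Added example, not part of the original thread: the duplicate username/e-mail check and the registration insert from the posts above, written with PDO prepared statements and `password_hash()` using bcrypt, which generates and stores its own salt. The in-memory SQLite database, the trimmed `users` schema (with `password` widened to hold a bcrypt hash) and the `registerUser()` helper are assumptions for illustration.

```php
<?php
// Assumption: in-memory SQLite stands in for the thread's MySQL server so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Trimmed version of the thread's users table; password is widened from
// varchar(32) because a bcrypt hash is 60 characters long.
$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    username VARCHAR(32) NOT NULL UNIQUE,
    password VARCHAR(255) NOT NULL,
    email VARCHAR(255) NOT NULL UNIQUE)');

// Hypothetical helper: returns a list of error messages, empty on success.
function registerUser(PDO $pdo, string $username, string $email, string $pass): array
{
    $username = trim($username);
    $email = trim($email);
    if ($username === '' || $pass === '') {
        return ['Please fill out the form completely.'];
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return ['The e-mail address is not valid.'];
    }
    // Placeholders send the values separately from the SQL text, so quotes
    // in user input are stored as data and never change the query.
    $stmt = $pdo->prepare('SELECT username, email FROM users WHERE username = ? OR email = ?');
    $stmt->execute([$username, $email]);
    $errors = [];
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        if (strcasecmp($row['username'], $username) === 0) {
            $errors[] = 'Sorry, that username has already been taken.';
        }
        if (strcasecmp($row['email'], $email) === 0) {
            $errors[] = 'The e-mail address you supplied is already in use.';
        }
    }
    if ($errors) { return $errors; }
    // password_hash() picks a random salt and embeds it in the returned hash.
    $hash = password_hash($pass, PASSWORD_BCRYPT);
    $stmt = $pdo->prepare('INSERT INTO users (username, password, email) VALUES (?, ?, ?)');
    $stmt->execute([$username, $hash, $email]);
    return [];
}

// Constructed sample input, including a name that contains a single quote.
var_dump(registerUser($pdo, "o'brien", 'pat@example.com', 'correct horse'));
var_dump(registerUser($pdo, 'pat2', 'pat@example.com', 'another pass'));
$stored = $pdo->query('SELECT password FROM users')->fetchColumn();
var_dump(password_verify('correct horse', $stored)); // the check a login page would run
```

The `UNIQUE` constraints remain the backstop when two registrations for the same name arrive at once; the second insert then throws a `PDOException` instead of creating a duplicate row.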

LOL, Karma me up… LOL…

By the way, everyone seems to use the MD5 deal for the password protection…

Look into that… It is actually not a problem if you protect your site in other ways…

Just make sure that ANY text input is protected against programmed inputs… Good luck…

Helping people at 02:03:04 AM?

You are the BESTer, Ernie LOL :o

He is indeed!
