I am having trouble getting this SQL command to work correctly. (I know this code is insecure, I just need to get it working first.) When I run this I get the error: "Unknown column 'username' in 'where clause'"
$login_username = $_POST['username'];
$login_password = $_POST['password'];
$lc = "SELECT * FROM user WHERE username = $login_username AND password = $login_password";
$lcr = mysql_query($lc);
$lcgr = mysql_num_rows($lcr)or die(mysql_error());
If you are getting that error it means that your user table has no column called username.
Secondly, your code is open to SQL Injection. You should validate and secure your $_POST values.
Also, you should perform the die check on mysql_query rather than mysql_num_rows.
try using the quotes in the query:
$lc = "SELECT * FROM user WHERE username = '$login_username' AND password = '$login_password'";
It appears that username in your query is not the correct column name. Can you check?
Do you have the column 'username' in your 'user' table? Try DESC user so you're sure of what your field names are in the table and you can amend your query accordingly.
You'll also want to encapsulate your strings (presumably username and password are strings) in quotes.
You've already alluded to knowing your code is insecure so I'll leave any injection commentary out :)
first - do you have a column named "username" in the user table in your database?
Second = put $login_username and $login_password in single quotes as they are strings, right?
