I have three tables in MSSQL for a game which are structured as follows:
CHARS
This is the look up table it has:
- strAccount which is linked to the primary key of NGSCUSER it is the
account username - strChar01 which is the first character slot
- strChar02 which is the second character slot
- strChar03 which is the third character slot
these have the primary key of the gameuser table inside they are character names
NGSCUSER
- strUserID account username
- strPasswd account password
GAMEUSER
- strUserId this is the character name
- sRank whether the character is a game master
What I need to be able to do in is compare the login details against the PHP variables $username and $password in the query and most importantly check their associated character and find out whether it has a sRank of 1
I assume I need a three table join of some kind but I don’t know how to go about it any examples or help would be much appreciated
This is the query I’ve tried to build so far but it errors on the third line with incorrect syntax near ‘CHARS’:
SELECT NGSCUSER.strUserID, NGSCUSER.strPasswd, GAMEUSER.sRank
FROM 'CHARS'
INNER JOIN NGSCUSER ON NGSCUSER.strUserId = CHARS.strAccount
INNER JOIN GAMEUSER ON GAMEUSER.strUserId = CHARS.strChar01
INNER JOIN GAMEUSER ON GAMEUSER.strUserId = CHARS.strChar02
INNER JOIN GAMEUSER ON GAMEUSER.strUserId = CHARS.strChar03
WHERE NGSCUSER.strUserId='$username' and NGSCUSER.strPasswd='$password' and GAMEUSER.sRank = '1'
Firstly, to literally answer your question (which probably doesn’t solve your problem), you need to alias your tables to join multiple tables:
However, if you’re trying to pull back the
gameuserrow that matches any character slot, then you need to usein:And, now that I have your attention, I would like to do the following PSAs:
$usernameand$passwordso that you are not susceptible to SQL injection.select * from ngscuserand get everybody’s password, shame on you. Shame. Shame. Shame.