SQL statement check

$user and $pass exist.

username, password and idl are columns in table: login and are defined with values.

I am trying to validate the existence of the username and password combination thru $result and $idl.

Could someone check my SQL statement.

if ($user!=null And $pass!=null){
        $sql = "SELECT `idl` FROM `login` WHERE username=" . $user . " AND password=" . $pass . ";";

You are going to want to single quote those variables and get rid of extra ; at the end. So it’s a little hard to tell but I have a full quote, then single quote then full quote at the end. Also if you are going to add … for marking or other reason, you’ll want to comment them out with //.

if ($user!=null And $pass!=null){
        $sql = "SELECT `idl` FROM `login` WHERE username = '" . $user . "' AND password = '" . $pass . "'";

In this case, I think interpolation offers far better readability that concatenation:

$sql = "SELECT `idl` FROM `login` WHERE username = '{$user}' AND password = '{$pass}'";

@Philosophaie, be sure to sanitise those variables before using them inside of your query.