Re: syntax error in from clause on godaddy hosting

Mon, 18 Aug 2008 10:18:23 -0700 

SELECT * 
FROM [user] 
WHERE uname = <cfqueryparam value="#uname#" cfsqltype="cf_sql_char"> AND 
      pword= <cfqueryparam value="#pword#" cfsqltype="cf_sql_char">


and...

you now need to remove this line, because you've exposed your master password 
to the internet

if (session.user.uname eq "ben" OR session.user.uname eq "jgray4567") {
                                        session.masteradmin = "Y";
                                }


never, ever, ever hard code this kind of thing...




kevin pieto wrote:
>> We moved our site over to a new hosting company (godaddy) and are now 
>> receiving an error on admin login.  It worked fine with the previous 
>> host be now has an error with godaddy. Any suggestions?  
>>
>> error shown here
>>
>> http://www.frontierstravel.com/pic10.jpg 
>>     
>
> Thanks for the help, however I'm not a coder and try the suggestions to no 
> avail.  all your help is appreciated.  Here's my code
>
> <!---<cftry>--->
>       <cfset uname=attributes.uname>
>       <cfset pword=attributes.pword>
>       <cfquery name="user_login" datasource="#request.dsn#">
>               SELECT * FROM user WHERE uname='#uname#' AND pword='#pword#'
>       </cfquery>
>       <!--- invalid --->
>       <cfif user_login.recordcount EQ 0>
>               <cfset caller.uname=uname>
>               <cflock timeout="30" throwontimeout="Yes" type="EXCLUSIVE" 
> scope="SESSION">
>                       <cfscript>
>                               if (structkeyexists(session, "user") is false )
>                                       session.user=structNew();
>                               session.user.admin_loggedin=false;
>                       </cfscript>
>               </cflock>
>       <!--- valid --->
>       <cfelse>
>               <cflock timeout="30" throwontimeout="Yes" type="EXCLUSIVE" 
> scope="SESSION">
>                       <cfscript>
>                               if (structkeyexists(session, "user") is false )
>                                       session.user=structNew();
>                               session.user.admin_loggedin=true;
>                               session.user.userid=user_login.userid;
>                               session.user.uname=user_login.uname;
>                               session.user.user_fname=user_login.user_fname;
>                               session.user.user_lname=user_login.user_lname;
>                               session.user.is_admin=user_login.is_admin;
>                               session.masteradmin = "N";
>                               if (session.user.uname eq "ben" OR 
> session.user.uname eq "jgray4567") {
>                                       session.masteradmin = "Y";
>                               }
>                       </cfscript>
>               </cflock>
>       </cfif>
>       <!---<cfcatch type="Any">
>               <cflocation url="login.cfm" addtoken="no">
>       </cfcatch>
> </cftry>--->
>
> Thanks 
>
> 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;203748912;27390454;j

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311207
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Reply via email to