Re: [PHP] Sometimes I wonder why I even started programming...

[Ray Hauge]

Jason Pruim wrote:
So I was supposed to go home a half hour ago but that didn't happen... I 
hate deadlines! :P

Can someone tell me why this code works for setting the table name:
    
function authentication($user, $pass, $authenticated, $table){
       
            // Keep in mind, PASSWORD has meaning in MySQL
            // Do your string sanitizing here
            // (e.g. - $user = mysql_real_escape_string($_POST['user']);)
            $salt = "salt";
            $salt1 = $salt;
            $salt1 .= $pass;
    
            $password = md5("$salt1");
            $loginQuery = "SELECT * FROM current WHERE 
loginName='".$user."' AND loginPassword='".$password."' LIMIT 0,1;";
            $loginResult = mysql_query($loginQuery) or die("Wrong data 
supplied or database error"  .mysql_error());
            while($row1 = mysql_fetch_array($loginResult)) {
                $_SESSION['user'] = $row1['loginName'];
                $_SESSION['loggedin'] = "YES";
                $authenticated = "true";
                $_SESSION['table'] = $row1['tableName'];
       
            }
        return $table;
        return $authenticated;
    }   

But this code doesn't:

     function authentication($user, $pass, $authenticated, $table){
       
            // Keep in mind, PASSWORD has meaning in MySQL
            // Do your string sanitizing here
            // (e.g. - $user = mysql_real_escape_string($_POST['user']);)
            $salt = "salt";
            $salt1 = $salt;
            $salt1 .= $pass;
    
            $password = md5("$salt1");
            $loginQuery = "SELECT * FROM current WHERE 
loginName='".$user."' AND loginPassword='".$password."' LIMIT 0,1;";
            $loginResult = mysql_query($loginQuery) or die("Wrong data 
supplied or database error"  .mysql_error());
            while($row1 = mysql_fetch_array($loginResult)) {
                $_SESSION['user'] = $row1['loginName'];
                $_SESSION['loggedin'] = "YES";
                $authenticated = "true";
                $table = $row1['tableName'];
       
            }
        return $table;
        return $authenticated;
    }    \


the query that I'm using is simply this: $query = "SELECT * FROM 
".$_SESSION['table']." order by ".$sortOrder."";

Or this: $query = "SELECT * FROM ".$table." order by ".$sortOrder."";

Depending on if you use the working or the non-working code :)

Any ideas?

--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
[EMAIL PROTECTED]





The only difference I'm seeing is you're assigning the 
$row1['tableName'] to $table rather than $_SESSION['table'].  Is that 
intended?  $table isn't defined in the top function, so it would most 
likely return null.

Also, since you're only expecting one result, you could do away with the 
 while loop and just run $row1 = mysql_fetch_array($loginResult). It 
would accomplish the same goal (nitpicking... sorry).

Also, why are there two return statements? The second will never run.

Maybe I missed something though.

--
Ray Hauge
www.primateapplications.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php