Uh, no. Your problem is obvious:
$sql = "SELECT *
FROM users
WHERE username='$_SERVER["PHP_AUTH_USER"]' and
password='$_SERVER["PHP_AUTH_PW"]'";
You have double-quotes inside a double-quoted string.
Like I said, don't use quotes around the array index inside a quoted
string. So change the above to:
$sql = "SELECT *
FROM users
WHERE username='$_SERVER[PHP_AUTH_USER]' and
password='$_SERVER[PHP_AUTH_PW]'";
Constants are not expanded inside a quoted string, so that is the correct
way to handle array indices if you want to keep them inside the quoted
string.
-Rasmus
On Sun, 10 Nov 2002, Leif K-Brooks wrote:
> Uh, no. That makes it think it's a constant, which generates a notice.
>
> Rasmus Lerdorf wrote:
>
> >Don't use quotes around the array index inside a quoted string.
> >
> >-Rasmus
> >
> >On 10 Nov 2002, Ray Seals wrote:
> >
> >
> >
> >>>The fact that tutorials are outdated & using old code is not a good reason
> >>>to stick with it :)
> >>>
> >>>
> >>I agree totally.
> >>
> >>So I'm trying to use the $_Server variables but I continue to get this
> >>error:
> >>
> >>Parse error: parse error, expecting 'T_STRNG' or 'T_VARIABLE' or
> >>'T_NUM_STRING' in <blah, blah, blah> on line 33.
> >>
> >>Here is the script that is doing this:
> >>
> >><?php
> >>
> >>
> >> // File Name: auth04.php
> >> // Check to see if $PHP_AUTH_USER already contains info
> >>
> >> if (!isset($_SERVER["PHP_AUTH_USER"])) {
> >>
> >> // If empty, send header causing dialog box to appear
> >>
> >> header('WWW-Authenticate: Basic realm="My Private
> >>Stuff"');
> >> header('HTTP/1.0 401 Unauthorized');
> >> exit;
> >>
> >> } else if (isset($_SERVER["PHP_AUTH_USER"])) {
> >>
> >> // If non-empty, check the database for matches
> >> // connect to MySQL
> >>
> >> mysql_connect("hostname", "username", "password")
> >>
> >> or die ("Unable to connect to database.");
> >>
> >> // select database on MySQL server
> >>
> >> mysql_select_db("dev_i2ii_com")
> >> or die ("Unable to select database.");
> >>
> >> // Formulate the query
> >>
> >> $sql = "SELECT *
> >> FROM users
> >> WHERE username='$_SERVER["PHP_AUTH_USER"]' and
> >>password='$_SERVER["PHP_AUTH_PW"]'";
> >>
> >>
> >>
> >> // Execute the query and put results in $result
> >>
> >> $result = mysql_query($sql);
> >>
> >> // Get number of rows in $result. 0 if invalid, 1 if
> >>valid.
> >>
> >> $num = mysql_numrows($result);
> >>
> >> if ($num != "0") {
> >> echo "<P>You're authorized!</p>";
> >> exit;
> >>
> >> } else {
> >>
> >> header('WWW-Authenticate: Basic realm="My
> >>Private Stuff"');
> >> header('HTTP/1.0 401 Unauthorized');
> >> echo 'Authorization Required.';
> >> exit;
> >>
> >> }
> >>
> >> }
> >>
> >>
> >>
> >>?>
> >>
> >>----------------------
> >>The data base stuff hasn't been put in yet, I'm just trying to get the
> >>script to load cleanly before I trouble shoot the database connector
> >>side.
> >>
> >>Ray
> >>
> >>
> >>--
> >>PHP General Mailing List (http://www.php.net/)
> >>To unsubscribe, visit: http://www.php.net/unsub.php
> >>
> >>
> >>
> >
> >
> >
> >
>
> --
> The above message is encrypted with double rot13 encoding. Any unauthorized attempt
>to decrypt it will be prosecuted to the full extent of the law.
>
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
