[PHP] Re: why doesnt this work???
What I think you'd note, actually, is that you ALWAYS get the matching echo, and never the non-matching, because you're using an assignment operator instead of comparison. It should read if ($line[1]==' instead of ($line[1]='. --Matt Chris wrote: this script receives vars b and p from a form. If b and p matches the echo on IF, then it works just fine. The problem is that if the vars dont match the ELSE ECHO does not apear... why not? ? $bruker = $HTTP_POST_VARS[b]; $passord = $HTTP_POST_VARS[p]; $hostname = ; $username = ; $password = ; $dbname = ; MSSQL_CONNECT($hostname,$username,$password); mssql_select_db($dbname); $query = select * from medlemmer where bruker = '$bruker' and passord = '$passord'; $result = mssql_query( $query ); for ($i = 0; $i mssql_num_rows( $result ); ++$i) { $line = mssql_fetch_row($result); if( $line[1]='$bruker' and $line[2]='$passord') echo hei $bruker.; else echo FEIL; } ? -Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Delete Confirmation
Daniel Negron/Kbe wrote: Does anyone have examples of record deletions from php to mysql Could you be more specific? $sql = DELETE from tablename where tablename_idx = $index; $result = mysql_query($sql); would be a very simple example of deleting a record from a hypothetical database with php, but I'm not sure if that's what you were really asking. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: new to php/mysql - insert not working
The actual typo in your code is a trailing comma in your sql statement. '.$img_group.', '.$display.', ); Strip out the comma after your last single quote. It's very useful to have CLI access to mysql. Then you could just say, print QUERY: $query BR\n; and instead of executing it, paste it into the mysql CLI and see what it has to say. You may also want to keep an eye on your web server logs, or raise php errors so they are printed in the web server output, but in this case, you'd probably see no error. --Matt Robert McPeak wrote: Can somebody help me with this? The following code gets me document contains no data. I have done a successfull select from mysql db, but not an insertion. I don't know how to troubleshoot this. Any help is much appreciated. Thanks! ?php $id = addslashes($id); $visitdate = addslashes($visitdate); $img_group = addslashes($img_group); $img_url = addslashes($img_url); $display = addslashes($display); $db = mysql_connect(www, mmc, mmc-WWW); if (!$db) { echo Error: Could not connect to database. Please try again later.; exit; } mysql_select_db(mmc); $query = insert into visitorgallery values ('.$id.', '.$img_url.', '.$visitdate.', '.$img_group.', '.$display.', ); $result = mysql_query($query); if ($result) echo mysql_affected_rows(). Image inserted! ; ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Accessing form variables
If your form is: SELECT name=a OPTION value=11/OPTION OPTION value=22/OPTION /SELECT SELECT name=b OPTION value=11/OPTION OPTION value=22/OPTION /SELECT Then you'd have two php post variables available, a and b, each would have a value of 1 or 2, which you could get from HTTP_POST_VARS or, with later php versions, $_POST[a] and $_POST[b]. Joshua E Minnie wrote: I have a form with a menu which I need multiple select on. How does PHP handle this? I have to use $HTTP_POST_VARS[somevariable] to access somevariable from the form. -- Joshua E Minnie CIO [EMAIL PROTECTED] Don't work for recognition, but always do work worthy of recognition. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: sessions not so secure..solution?
Steve Clay wrote: Hello, I'm building an e-commerce site which uses sessions to hold my $cart object. This works great but I've two worries: 1) When the user connects through our secure hostname, can I ensure the browser will send the server the cookie (w/ SESSID)? The user will shop through domain.com and checkout via https:secure.domain.com. (haven't got cert yet) If your cookie domain is .domain.com, it will send the cookie to both, however, you don't really WANT to use the same cookie in both places. 2) While the user shops the SESSID is thrown around insecurely (no big deal, just a cart). But when I move the user to a secure server to get sensitive info a resourceful hacker could also go to the checkout script using this SESSID and 'confirm' the real user's personal details (kept in another registered session object). Yes, and so this is inappropriate. Allocate a cookie for all pages (ssl and not). When they transition to SSL for checkout, then give them an SSL cookie as well, and associate it with the old cookie. You could store them in a session -- I do it in a database table. Store the time you allocated the SSL cookie. Mandate that when someone views a secure page, to be considered authenticated, they must hand you the SSL-only cookie. You can use its association to retrieve the cart, but not to let someone else interrupt the ordering process, or use its authentication properties to view personal details, cancel an order, etc. Since you set the cookie to be SSL-ONLY (there's a flag for that in setcookie()), it won't be passed in the clear. Associate the assignment time of the cookie with it, and each pageview, reset it to some reasonable number, say 5-30 min. After that time expires, the cookie is no good and you reassign one. In my own scheme, that's when a user re-enters their password. Anyhow, the dual-cookie approach will allow you to maintain reasonable security. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php