Re: [PHP-DB] Slashes or no slashes

2010-08-23 Thread Karl DeSaulniers
On Aug 22, 2010, at 7:12 PM, Chris wrote: On 20/08/10 08:05, Karl DeSaulniers wrote: On Aug 19, 2010, at 4:44 PM, Karl DeSaulniers wrote: On Aug 19, 2010, at 4:36 PM, Daevid Vincent wrote: You should be using http://us2.php.net/manual/en/function.mysql-escape-string.php You don't need

Re: [PHP-DB] Slashes or no slashes

2010-08-23 Thread Chris
You use mysql_real_escape_string for queries on the way in. $query = "select * from table where name='".mysql_real_escape_string($_POST['name'])."'"; You use htmlspecialchars on the way out: $value = htmlspecialchars($row['name']); -- Postgresql php tutorials http://www.designmagick.com/ --

Re: [PHP-DB] Slashes or no slashes

2010-08-23 Thread Karl DeSaulniers
On Aug 23, 2010, at 8:35 PM, Chris wrote: You use mysql_real_escape_string for queries on the way in. $query = "select * from table where name='".mysql_real_escape_string($_POST['name'])."'"; You use htmlspecialchars on the way out: $value = htmlspecialchars($row['name']); -- Postgresql

Re: [PHP-DB] Slashes or no slashes

2010-08-23 Thread Chris
To be more specific. Is this correct? function confirmUP($username, $password){ $username = mysql_real_escape_string($username); /* Verify that user is in database */ $q = SELECT password FROM TBL-U WHERE username = '$username'; I normally do it in the query in case you use the variable

Re: [PHP-DB] Slashes or no slashes

2010-08-23 Thread Karl DeSaulniers
On Aug 23, 2010, at 9:31 PM, Chris wrote: To be more specific. Is this correct? function confirmUP($username, $password){ $username = mysql_real_escape_string($username); /* Verify that user is in database */ $q = SELECT password FROM TBL-U WHERE username = '$username'; I normally do it

Re: [PHP-DB] Slashes or no slashes

2010-08-23 Thread Karl DeSaulniers
On Aug 23, 2010, at 10:04 PM, Karl DeSaulniers wrote: On Aug 23, 2010, at 9:31 PM, Chris wrote: To be more specific. Is this correct? function confirmUP($username, $password){ $username = mysql_real_escape_string($username); /* Verify that user is in database */ $q = SELECT password FROM

Re: [PHP-DB] Slashes or no slashes

2010-08-23 Thread Chris
Just to make sure, cause I am ready to get past this. Is this correct? function confirmUP($username, $password){ /* Verify that user is in database */ $q = "SELECT password FROM ".TBL_USERS." WHERE username = '".mysql_real_escape_string($username)."'"; Perfect. /* Retrieve password from result

Re: [PHP-DB] Slashes or no slashes

2010-08-23 Thread Karl DeSaulniers
On Aug 23, 2010, at 10:35 PM, Chris wrote: Just to make sure, cause I am ready to get past this. Is this correct? function confirmUP($username, $password){ /* Verify that user is in database */ $q = "SELECT password FROM ".TBL_USERS." WHERE username = '".mysql_real_escape_string($username)."'";

Re: [PHP-DB] Slashes or no slashes

2010-08-23 Thread Chris
Got it. So only when I am going to display the result from the database. I see. Or email (or otherwise present it to the user), yes. But for comparing $dbarray['password'] to $password, don't I have to escape $password and then md5 it? Right. -- Postgresql php tutorials

Re: [PHP-DB] Slashes or no slashes

2010-08-23 Thread Karl DeSaulniers
On Aug 23, 2010, at 11:38 PM, Karl DeSaulniers wrote: On Aug 23, 2010, at 10:35 PM, Chris wrote: Just to make sure, cause I am ready to get past this. Is this correct? function confirmUP($username, $password){ /* Verify that user is in database */ $q = SELECT password FROM .TBL_USERS.