[PHP] 2nd Pair of eyes
Hello, I warned the list that I may have questions! ;-) ...building a simple cookie-based log-in system, and have narrowed an error to this below: (sorry for email line breaks, if any) ---Start--- if ($_post['f_action']=='login') { // connect to database (custom function) $r = dbconnect(); // success? if ($r['a_success']) { $query = SELECT u_id FROM cms_users WHERE u_name = $_post['f_user'] AND u_pass = $_post['f_pass']; if ($r = @mysql_query($query)) { // test print !-- userID: $r --; } mysql_close(); } else { // Not connected to db $t_mssg = mysql_error(); } } ---End--- No info is given in PHP error reporting because it returns no source to the page. Can you see where this n00b went wrong? Thanks! Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] 2nd Pair of eyes
On Tue, Jan 18, 2011 at 12:49, Donovan Brooke li...@euca.us wrote: Hello, I warned the list that I may have questions! ;-) ...building a simple cookie-based log-in system, and have narrowed an error to this below: (sorry for email line breaks, if any) ---Start--- if ($_post['f_action']=='login') { $_POST is cAsE-SeNsItIvE, like all variables. // connect to database (custom function) $r = dbconnect(); Did you define this function? -- /Daniel P. Brown Network Infrastructure Manager Documentation, Webmaster Teams http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] 2nd Pair of eyes
On 18 January 2011 17:49, Donovan Brooke li...@euca.us wrote: $query = SELECT u_id FROM cms_users WHERE u_name = $_post['f_user'] AND u_pass = $_post['f_pass']; Make sure you clean the inputs before using them. If the username entered was ... '' OR 1 -- you may have problems with security. -- Richard Quadling Twitter : EE : Zend @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] 2nd Pair of eyes
On 19/01/2011, at 6:49 AM, Donovan Brooke wrote: Hello, I warned the list that I may have questions! ;-) ...building a simple cookie-based log-in system, and have narrowed an error to this below: (sorry for email line breaks, if any) ---Start--- $query = SELECT u_id FROM cms_users WHERE u_name = $_post['f_user'] AND u_pass = $_post['f_pass']; Array indices either need to be accessed without quotes for the key, or by enclosing the variable in curly braces. --- Simon Welsh Admin of http://simon.geek.nz/ Who said Microsoft never created a bug-free program? The blue screen never, ever crashes! http://www.thinkgeek.com/brain/gimme.cgi?wid=81d520e5e -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] 2nd Pair of eyes
Simon J Welsh wrote: [snip] ---Start--- $query = SELECT u_id FROM cms_users WHERE u_name = $_post['f_user'] AND u_pass = $_post['f_pass']; Array indices either need to be accessed without quotes for the key, or by enclosing the variable in curly braces. --- Simon Welsh Admin of http://simon.geek.nz/ Excellent Simon, that did it. Thanks! Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] 2nd Pair of eyes
Daniel Brown wrote: On Tue, Jan 18, 2011 at 12:49, Donovan Brookeli...@euca.us wrote: Hello, I warned the list that I may have questions! ;-) ...building a simple cookie-based log-in system, and have narrowed an error to this below: (sorry for email line breaks, if any) ---Start--- if ($_post['f_action']=='login') { $_POST is cAsE-SeNsItIvE, like all variables. // connect to database (custom function) $r = dbconnect(); Did you define this function? Hi Daniel, good point (that I'm sure I would have caught ;-) ) about the $_POST... and yes, dbconnect(); is defined. Looks like it was the array indices syntax that was the culprit. Also for others, yes, I'll be adding the var cleaning and checkers. Thanks again. Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php