[PHP] 2nd Pair of eyes

2011-01-18 Thread Donovan Brooke

Hello,

I warned the list that I may have questions! ;-)

...building a simple cookie-based log-in system, and have
narrowed an error to this below: (sorry for email line breaks, if any)

---Start---
if ($_post['f_action']=='login') {

  // connect to database (custom function)
  $r = dbconnect();

  // success?
  if ($r['a_success']) {
    $query = "SELECT u_id FROM cms_users WHERE u_name = $_post['f_user'] AND u_pass = $_post['f_pass']";

    if ($r = @mysql_query($query))
    {
      // test
      print "<!-- userID: $r -->";
    }

    mysql_close();
  } else {

    // Not connected to db
    $t_mssg = mysql_error();
  }

}
---End---

No info is given in PHP error reporting because it
returns no source to the page. Can you see where this n00b went wrong?

Thanks!

Donovan


--
D Brooke

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] 2nd Pair of eyes

2011-01-18 Thread Daniel Brown
On Tue, Jan 18, 2011 at 12:49, Donovan Brooke li...@euca.us wrote:
 Hello,

 I warned the list that I may have questions! ;-)

 ...building a simple cookie-based log-in system, and have
 narrowed an error to this below: (sorry for email line breaks, if any)

 ---Start---
 if ($_post['f_action']=='login') {

$_POST is cAsE-SeNsItIvE, like all variables.

  // connect to database (custom function)
  $r = dbconnect();

Did you define this function?

-- 
/Daniel P. Brown
Network Infrastructure Manager
Documentation, Webmaster Teams
http://www.php.net/




Re: [PHP] 2nd Pair of eyes

2011-01-18 Thread Richard Quadling
On 18 January 2011 17:49, Donovan Brooke li...@euca.us wrote:
 $query = "SELECT u_id FROM cms_users WHERE u_name = $_post['f_user'] AND u_pass = $_post['f_pass']";

Make sure you clean the inputs before using them.

If the username entered was ...

'' OR 1 --

you may have problems with security.


-- 
Richard Quadling
Twitter : EE : Zend
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY




Re: [PHP] 2nd Pair of eyes

2011-01-18 Thread Simon J Welsh
On 19/01/2011, at 6:49 AM, Donovan Brooke wrote:

 Hello,
 
 I warned the list that I may have questions! ;-)
 
 ...building a simple cookie-based log-in system, and have
 narrowed an error to this below: (sorry for email line breaks, if any)
 
 ---Start---
 $query = "SELECT u_id FROM cms_users WHERE u_name = $_post['f_user'] AND u_pass = $_post['f_pass']";

Array indices either need to be accessed without quotes for the key, or by 
enclosing the variable in curly braces.
---
Simon Welsh
Admin of http://simon.geek.nz/

Who said Microsoft never created a bug-free program? The blue screen never, 
ever crashes!

http://www.thinkgeek.com/brain/gimme.cgi?wid=81d520e5e


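Added example, not code from the thread or from Donovan's project: the posted login query rewritten with the curly-brace interpolation Simon describes so that it parses, next to a prepared-statement version that is not affected by the kind of input Richard describes. It assumes PHP 7 or later with the pdo_sqlite extension and builds an in-memory cms_users table with one seeded user; the seeded user, the PDO setup and the function names are assumptions for the demo, not part of the original post.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+ with pdo_sqlite
// and uses an in-memory SQLite database so it runs offline. The table and
// column names (cms_users, u_id, u_name, u_pass) come from the post; the
// seeded user and the PDO setup are assumptions for the demo.

function setupDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE cms_users (u_id INTEGER PRIMARY KEY, u_name TEXT, u_pass TEXT)');
    // The posted query compares u_pass directly to the submitted password,
    // so this demo stores it as plaintext to match. Real code stores
    // password_hash() output and checks it with password_verify().
    $stmt = $db->prepare('INSERT INTO cms_users (u_name, u_pass) VALUES (?, ?)');
    $stmt->execute(['donovan', 'correct horse']);
    return $db;
}

// The posted query with the interpolation fixed as Simon describes:
// "$post['f_user']" is a parse error inside double quotes, but
// "{$post['f_user']}" (or "$post[f_user]") is not. The values are quoted,
// as most people do once the SQL error appears, yet the input is still
// pasted into the SQL text and can change the shape of the query.
function loginInterpolated(PDO $db, array $post): ?int
{
    $query = "SELECT u_id FROM cms_users WHERE u_name = '{$post['f_user']}' "
           . "AND u_pass = '{$post['f_pass']}'";
    $row = $db->query($query)->fetch(PDO::FETCH_ASSOC);
    return $row ? (int) $row['u_id'] : null;
}

// Hardened form: the prepared statement sends the username to the database
// as a value, never as SQL text, and the password is compared in PHP with
// a constant-time comparison.
function loginPrepared(PDO $db, array $post): ?int
{
    $stmt = $db->prepare('SELECT u_id, u_pass FROM cms_users WHERE u_name = ?');
    $stmt->execute([$post['f_user']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !hash_equals($row['u_pass'], $post['f_pass'])) {
        return null;
    }
    return (int) $row['u_id'];
}

$db = setupDb();

// Constructed form submissions for the demo.
$good = ['f_user' => 'donovan', 'f_pass' => 'correct horse'];
// Richard's idea adapted to a single-quoted value: the leading quote ends
// the string literal, OR 1 makes the WHERE clause true, and -- comments
// out the password check that follows.
$attack = ['f_user' => "' OR 1 --", 'f_pass' => 'anything'];

var_dump(loginInterpolated($db, $good));   // real credentials, accepted
var_dump(loginInterpolated($db, $attack)); // no valid password, still accepted
var_dump(loginPrepared($db, $good));       // real credentials, accepted
var_dump(loginPrepared($db, $attack));     // the payload is just an unknown username
```

Run it from the command line with php. The interpolated version returns the seeded u_id for the attack input because the database sees WHERE u_name = '' OR 1 and ignores the rest of the line; the prepared version looks up a user literally named ' OR 1 -- and finds nothing. Escaping with mysql_real_escape_string() would have covered the quoted form, but a prepared statement covers unquoted values too and does not depend on remembering to escape every input.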



Re: [PHP] 2nd Pair of eyes

2011-01-18 Thread Donovan Brooke

Simon J Welsh wrote:
[snip]

---Start---
$query = "SELECT u_id FROM cms_users WHERE u_name = $_post['f_user'] AND u_pass = $_post['f_pass']";


Array indices either need to be accessed without quotes for the key, or by 
enclosing the variable in curly braces.
---
Simon Welsh
Admin of http://simon.geek.nz/



Excellent Simon, that did it.  Thanks!

Donovan



--
D Brooke




Re: [PHP] 2nd Pair of eyes

2011-01-18 Thread Donovan Brooke

Daniel Brown wrote:

On Tue, Jan 18, 2011 at 12:49, Donovan Brooke li...@euca.us wrote:

Hello,

I warned the list that I may have questions! ;-)

...building a simple cookie-based log-in system, and have
narrowed an error to this below: (sorry for email line breaks, if any)

---Start---
if ($_post['f_action']=='login') {


 $_POST is cAsE-SeNsItIvE, like all variables.


  // connect to database (custom function)
  $r = dbconnect();


 Did you define this function?



Hi Daniel, good point (that I'm sure I would have caught ;-) ) about
the $_POST... and yes, dbconnect(); is defined.

Looks like it was the array indices syntax that was the culprit.

Also for others, yes, I'll be adding the var cleaning and checkers.

Thanks again.

Donovan




--
D Brooke
