Re: [PHP] Is this the best way?

14/03/2008, 22h40

Then it's the other query (with the ORDER BY) that you want to look at to fix
the SQL error.

Don't forget to use (assuming MySQL) mysql_real_escape_string() on all
variables being used in the SQL query. That'll prevent a problem with
single quotes or other bad characters showing up in your variables and
breaking your SQL. Not to mention the security benefits.

-TG

----- Original Message -----
From: Jason Pruim <japruim@raoset.com>
To: "TG" <tg-php@gryffyndevelopment.com>
Cc: "PHP General List" <php-general@lists.php.net>
Date: Fri, 14 Mar 2008 17:11:40 -0400

> > Ok so the next thing to check is your query. Maybe echo it out so
> > you can
> > see what's actually attempting to execute.
>
> echo from my actual query
> SELECT * FROM current WHERE loginName='japruim' AND
> loginPassword='mybadpassword' LIMIT 0,1;
> >
> >
> > I don't see an "ORDER BY" in the SQL listed below.
>
> The ORDER BY actually comes from a different query that should ONLY be
> done AFTER successful login... It's actually related to the sorting of
> the records that should be retrieved.

14/03/2008, 22h42

On Mar 14, 2008, at 5:40 PM, TG wrote:

>
> Then it's the other query (with the ORDER BY) that you want to look
> at to fix
> the SQL error.
>
> Don't forget to use (assuming MySQL) mysql_real_escape_string() on all
> variables being used in the SQL query. That'll prevent a
> problem with
> single quotes or other bad characters showing up in your variables and
> breaking your SQL. Not to mention the security benefits.

All that's taken care of... The issue is though, that that query is
getting run even when the login wasn't successful... When you log in
with the proper username/password that query runs just fine...

>
>
> -TG
>
> ----- Original Message -----
> From: Jason Pruim <japruim@raoset.com>
> To: "TG" <tg-php@gryffyndevelopment.com>
> Cc: "PHP General List" <php-general@lists.php.net>
> Date: Fri, 14 Mar 2008 17:11:40 -0400
>
>>> Ok so the next thing to check is your query. Maybe echo it out so
>>> you can
>>> see what's actually attempting to execute.
>>
>> echo from my actual query
>> SELECT * FROM current WHERE loginName='japruim' AND
>> loginPassword='mybadpassword' LIMIT 0,1;
>>>
>>>
>>> I don't see an "ORDER BY" in the SQL listed below.
>>
>> The ORDER BY actually comes from a different query that should ONLY
>> be
>> done AFTER successful login... It's actually related to the sorting
>> of
>> the records that should be retrieved.
>
>

14/03/2008, 22h40	#1
TG Messages: n/a Hébergeur:	Re: [PHP] Is this the best way? Then it's the other query (with the ORDER BY) that you want to look at to fix the SQL error. Don't forget to use (assuming MySQL) mysql_real_escape_string() on all variables being used in the SQL query. That'll prevent a problem with single quotes or other bad characters showing up in your variables and breaking your SQL. Not to mention the security benefits. -TG ----- Original Message ----- From: Jason Pruim <japruim@raoset.com> To: "TG" <tg-php@gryffyndevelopment.com> Cc: "PHP General List" <php-general@lists.php.net> Date: Fri, 14 Mar 2008 17:11:40 -0400 > > Ok so the next thing to check is your query. Maybe echo it out so > > you can > > see what's actually attempting to execute. > > echo from my actual query > SELECT * FROM current WHERE loginName='japruim' AND > loginPassword='mybadpassword' LIMIT 0,1; > > > > > > I don't see an "ORDER BY" in the SQL listed below. > > The ORDER BY actually comes from a different query that should ONLY be > done AFTER successful login... It's actually related to the sorting of > the records that should be retrieved.

14/03/2008, 22h42	#2
Jason Pruim Messages: n/a Hébergeur:	Re: [PHP] Is this the best way? On Mar 14, 2008, at 5:40 PM, TG wrote: > > Then it's the other query (with the ORDER BY) that you want to look > at to fix > the SQL error. > > Don't forget to use (assuming MySQL) mysql_real_escape_string() on all > variables being used in the SQL query. That'll prevent a > problem with > single quotes or other bad characters showing up in your variables and > breaking your SQL. Not to mention the security benefits. All that's taken care of... The issue is though, that that query is getting run even when the login wasn't successful... When you log in with the proper username/password that query runs just fine... > > > -TG > > ----- Original Message ----- > From: Jason Pruim <japruim@raoset.com> > To: "TG" <tg-php@gryffyndevelopment.com> > Cc: "PHP General List" <php-general@lists.php.net> > Date: Fri, 14 Mar 2008 17:11:40 -0400 > >>> Ok so the next thing to check is your query. Maybe echo it out so >>> you can >>> see what's actually attempting to execute. >> >> echo from my actual query >> SELECT * FROM current WHERE loginName='japruim' AND >> loginPassword='mybadpassword' LIMIT 0,1; >>> >>> >>> I don't see an "ORDER BY" in the SQL listed below. >> >> The ORDER BY actually comes from a different query that should ONLY >> be >> done AFTER successful login... It's actually related to the sorting >> of >> the records that should be retrieved. > >

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email