Skip site navigation (1) Skip section navigation (2)

HTTP_AUTH and SQL WHERE Clause

From: "Seader, Cameron" <CSeader(at)idahopower(dot)com>
To: pgsql-php(at)postgresql(dot)org
Subject: HTTP_AUTH and SQL WHERE Clause
Date: 2003-09-27 20:57:27
Message-ID: 71B8A8BEC516CF46835CA629156CF21163F5CE@bedford.idacorp.local (view raw or flat)
Thread:
Lists: pgsql-php
Hey Folks, 
I am having trouble with some variables the $HTTP_AUTH_USER and $HTTP_AUTH_PW - now im useing PHP 4.3.3 and so i know that you have to use $_SERVER['HTTP_AUTH_USER'] and $_SERVER['HTTP_AUTH_PW'] instead of the old way now. Well i am having trouble with this script i have created to authenticate user name and password and verify against a postgresql database below. 

$auth = false; // Assume user is not authenticated 

if (isset( $_SERVER['PHP_AUTH_USER'] ) && isset($_SERVER['PHP_AUTH_PW'])) { 

// Connect to MySQL 

pg_pconnect("host=172.18.204.64 port=5432 dbname=acquisuite_db user=pgadmin password=pgadmin") or die ( 'Unable to connect to server.' ); 

// Select database on MySQL server 

// mysql_select_db( 'your_db' ) 
// or die ( 'Unable to select database.' ); 

// Formulate the query 

$sql = ("SELECT * FROM tbl_authenticate WHERE username = '$PHP_AUTH_USER' AND password = '$PHP_AUTH_PW'"); 

// Execute the query and put results in $result 

$result = pg_exec( $sql ) 
or die ( 'Unable to execute query.' ); 

// Get number of rows in $result. 

$num = pg_num_rows( $result ); 

if ( $num != 0 ) { 

// A matching row was found - the user is authenticated. 

$auth = true; 

} 

} 

The Problem is on the $sql line when i put in the string to do the Query with the WHERE clause having the $HTTP_AUTH_USER and $HTTP_AUTH_PW. When i change it to '$_SERVER['HTTP_AUTH_USER']' and '$_SERVER['HTTP_AUTH_PW']' it does not work and i get a parse error. 
How can i get around this? 
does anyone have any ideas for me. 
Thanks 

Cameron Seader
CSeader(at)Idahopower(dot)com



[INFO] -- Access Manager:
This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law.  If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.  Thank you.   A2



Responses

pgsql-php by date

Next:From: brewDate: 2003-09-28 11:26:34
Subject: Re: HTTP_AUTH and SQL WHERE Clause
Previous:From: Luca ScaramellaDate: 2003-09-26 16:43:35
Subject: pg_loopen() unable to open large object

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group