From: | "Rod K" <rod(at)23net(dot)net> |
---|---|
To: | "Seader, Cameron" <CSeader(at)idahopower(dot)com>, <pgsql-php(at)postgresql(dot)org> |
Subject: | Re: HTTP_AUTH and SQL WHERE Clause |
Date: | 2003-09-28 13:53:35 |
Message-ID: | KNEPILBLIADCDMMPIKIKCEEKCOAA.rod@23net.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-php |
> $sql = ("SELECT * FROM tbl_authenticate WHERE username =
> '$PHP_AUTH_USER' AND password = '$PHP_AUTH_PW'");
>
There's no need for the parens around the quoted value.
> The Problem is on the $sql line when i put in the string to do
> the Query with the WHERE clause having the $HTTP_AUTH_USER and
> $HTTP_AUTH_PW. When i change it to '$_SERVER['HTTP_AUTH_USER']'
> and '$_SERVER['HTTP_AUTH_PW']' it does not work and i get a parse error.
So the new assignment looks like this:
$sql= "SELECT * FROM tbl_authenticate WHERE username =
'$_SERVER['HTTP_AUTH_USER']' AND password = '$_SERVER['HTTP_AUTH_PW']'";
The problem is that PHP doesn't know what you are trying to do here.
"'$_SERVER['HTTP_AUTH_PW']'" could mean "'(the value of
$_SERVER)['HTTP_AUTH_PW']'" or what you intend. To get around that you need
to enclose array elements (as well as other complex type structures like
$myObject->property ) with braces (or place them outside the quoted value.
The former:
$sql= "SELECT * FROM tbl_authenticate WHERE username =
'{$_SERVER['HTTP_AUTH_USER']}' AND password = '{$_SERVER['HTTP_AUTH_PW']}'";
and the later:
$sql= "SELECT * FROM tbl_authenticate WHERE username =
'".$_SERVER['HTTP_AUTH_USER']."' AND password =
'".$_SERVER['HTTP_AUTH_PW']."'";
I prefer the later since it's a bit easier to read IMO.
HTH
Rod
From | Date | Subject | |
---|---|---|---|
Next Message | Rod Taylor | 2003-09-28 14:26:26 | Re: HTTP_AUTH and SQL WHERE Clause |
Previous Message | brew | 2003-09-28 11:26:34 | Re: HTTP_AUTH and SQL WHERE Clause |