Re: HTTP_AUTH and SQL WHERE Clause

From: "Rod K" <rod(at)23net(dot)net>
To: "Seader, Cameron" <CSeader(at)idahopower(dot)com>, <pgsql-php(at)postgresql(dot)org>
Subject: Re: HTTP_AUTH and SQL WHERE Clause
Date: 2003-09-28 13:53:35
Message-ID: KNEPILBLIADCDMMPIKIKCEEKCOAA.rod@23net.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-php

> $sql = ("SELECT * FROM tbl_authenticate WHERE username =
> '$PHP_AUTH_USER' AND password = '$PHP_AUTH_PW'");
>

There's no need for the parens around the quoted value.

> The Problem is on the $sql line when i put in the string to do
> the Query with the WHERE clause having the $HTTP_AUTH_USER and
> $HTTP_AUTH_PW. When i change it to '$_SERVER['HTTP_AUTH_USER']'
> and '$_SERVER['HTTP_AUTH_PW']' it does not work and i get a parse error.

So the new assignment looks like this:

$sql= "SELECT * FROM tbl_authenticate WHERE username =
'$_SERVER['HTTP_AUTH_USER']' AND password = '$_SERVER['HTTP_AUTH_PW']'";

The problem is that PHP doesn't know what you are trying to do here.
"'$_SERVER['HTTP_AUTH_PW']'" could mean "'(the value of
$_SERVER)['HTTP_AUTH_PW']'" or what you intend. To get around that you need
to enclose array elements (as well as other complex type structures like
$myObject->property ) with braces (or place them outside the quoted value.

The former:

$sql= "SELECT * FROM tbl_authenticate WHERE username =
'{$_SERVER['HTTP_AUTH_USER']}' AND password = '{$_SERVER['HTTP_AUTH_PW']}'";

and the later:

$sql= "SELECT * FROM tbl_authenticate WHERE username =
'".$_SERVER['HTTP_AUTH_USER']."' AND password =
'".$_SERVER['HTTP_AUTH_PW']."'";

I prefer the later since it's a bit easier to read IMO.

HTH
Rod

In response to

Responses

Browse pgsql-php by date

  From Date Subject
Next Message Rod Taylor 2003-09-28 14:26:26 Re: HTTP_AUTH and SQL WHERE Clause
Previous Message brew 2003-09-28 11:26:34 Re: HTTP_AUTH and SQL WHERE Clause