Skip site navigation (1) Skip section navigation (2)

Re: HTTP_AUTH and SQL WHERE Clause

From: "Rod K" <rod(at)23net(dot)net>
To: "Seader, Cameron" <CSeader(at)idahopower(dot)com>,<pgsql-php(at)postgresql(dot)org>
Subject: Re: HTTP_AUTH and SQL WHERE Clause
Date: 2003-09-28 13:53:35
Message-ID: KNEPILBLIADCDMMPIKIKCEEKCOAA.rod@23net.net (view raw or flat)
Thread:
Lists: pgsql-php

> $sql = ("SELECT * FROM tbl_authenticate WHERE username =
> '$PHP_AUTH_USER' AND password = '$PHP_AUTH_PW'");
>

There's no need for the parens around the quoted value.

> The Problem is on the $sql line when i put in the string to do
> the Query with the WHERE clause having the $HTTP_AUTH_USER and
> $HTTP_AUTH_PW. When i change it to '$_SERVER['HTTP_AUTH_USER']'
> and '$_SERVER['HTTP_AUTH_PW']' it does not work and i get a parse error.

So the new assignment looks like this:

$sql= "SELECT * FROM tbl_authenticate WHERE username =
'$_SERVER['HTTP_AUTH_USER']' AND password = '$_SERVER['HTTP_AUTH_PW']'";

The problem is that PHP doesn't know what you are trying to do here.
"'$_SERVER['HTTP_AUTH_PW']'" could mean "'(the value of
$_SERVER)['HTTP_AUTH_PW']'" or what you intend.  To get around that you need
to enclose array elements (as well as other complex type structures like
$myObject->property ) with braces (or place them outside the quoted value.

The former:

 $sql= "SELECT * FROM tbl_authenticate WHERE username =
'{$_SERVER['HTTP_AUTH_USER']}' AND password = '{$_SERVER['HTTP_AUTH_PW']}'";

and the later:

 $sql= "SELECT * FROM tbl_authenticate WHERE username =
'".$_SERVER['HTTP_AUTH_USER']."' AND password =
'".$_SERVER['HTTP_AUTH_PW']."'";

I prefer the later since it's a bit easier to read IMO.

HTH
Rod



In response to

Responses

pgsql-php by date

Next:From: Rod TaylorDate: 2003-09-28 14:26:26
Subject: Re: HTTP_AUTH and SQL WHERE Clause
Previous:From: brewDate: 2003-09-28 11:26:34
Subject: Re: HTTP_AUTH and SQL WHERE Clause

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group