| From: | Rod Taylor <rbt(at)rbt(dot)ca> |
|---|---|
| To: | Rod K <rod(at)23net(dot)net> |
| Cc: | "Seader, Cameron" <CSeader(at)idahopower(dot)com>, pgsql-php(at)postgresql(dot)org |
| Subject: | Re: HTTP_AUTH and SQL WHERE Clause |
| Date: | 2003-09-28 14:26:26 |
| Message-ID: | 1064759185.21931.32.camel@jester |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-php |
> The former:
>
> $sql= "SELECT * FROM tbl_authenticate WHERE username =
> '{$_SERVER['HTTP_AUTH_USER']}' AND password = '{$_SERVER['HTTP_AUTH_PW']}'";
>
> and the later:
>
> $sql= "SELECT * FROM tbl_authenticate WHERE username =
> '".$_SERVER['HTTP_AUTH_USER']."' AND password =
> '".$_SERVER['HTTP_AUTH_PW']."'";
>
> I prefer the later since it's a bit easier to read IMO.
Another alternative:
$sql = <<<END
SELECT *
FROM tbl_authenticate
WHERE username = '%s'
AND password = '%s';
END
$psql = sprintf($sql, pg_escape_string($_SERVER['HTTP_AUTH_USER']),
pg_escape_string($_SERVER['HTTP_AUTH_PW']));
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Sebastien Baudry | 2003-10-02 08:00:10 | How to call a PL/pgSQL function in a PHP script? |
| Previous Message | Rod K | 2003-09-28 13:53:35 | Re: HTTP_AUTH and SQL WHERE Clause |