[Wylug-help] LAMP: form vars not passed to php script

Andy Macdonald andy at greenhead.ac.uk
Thu, 09 Jan 2003 15:28:32 GMT


To be precise:
$query = "SELECT userId, userName, userPass from users WHERE userName =
'".$_REQUEST['frmuser']."' AND userPass =MD5('".$_REQUEST['frmpass']."')";

It reminds me of stuff I used to write for MS Access ...

On Wed, 08 Jan, mikeb@gbdirect.co.uk wrote:
> On Wed, Jan 08, 2003 at 01:03:35PM +0000, Andy Macdonald wrote:
> > Thanks to Mike, Gavin & Jason for their comments.
> >
> > I've now glanced at (is this my problem? I don't really want to learn a
> > programming language, I just want to get the computer to do stuff) php.org and
> > phpfreaks.com. I have quickly rewritten login.php - but I have still evidently
> > missed something somewhere ...
> > I gathered that, instead of $foo, I now have to use $_POST['foo'] or
> > $_REQUEST['foo'], so I rewrote:
> >
> > $query = "SELECT userId, userName, userPass from users WHERE userName =
> > $_REQUEST['frmuser'] AND userPass = MD5($_REQUEST['frmpass'])";
> >
> > But still no values come thru, or with $_POST ...
>
> Welcome to the bag of contradictions and ill-thought through features that
> PHP proves to be. Sadly, you can't interpolate arrays in strings like that.
>
> You would have to use:
> $query = "SELECT userId, userName, userPass from users WHERE
> userName =" . $_REQUEST['frmuser'] .
> " AND userPass = MD5(" . $_REQUEST['frmpass']. ")"
>
> I.e. doing your own interpolation by string-pasting instead,
> at least that's what I believe without actually trying it in
> practice.
>
> And have you looked into whether or not magic_quotes is set?
> That will affect the values of the variables coming in from the
> form - the best tactic there is to enter form data containing
> a single or double quote or a backslash and see what values
> you get in your PHP - if the data sprouts extra backslashes
> then you do indeed have magic_quotes turned on.
>
> Cheers,
>
> Mike
>

--
Andy Macdonald
Network Manager, Greenhead College
Huddersfield, HD1 4ES, England.
Tel: 01484 422032
Mobile: 07932 635057
See award winning web site:
http://www.greenhead.ac.uk
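
Added example (not part of the original messages): the lookup from this thread built by string-pasting, next to the same lookup with a bound parameter, fed a user name containing a single quote like the test input suggested for magic_quotes. The in-memory SQLite database, the function names, the sample values and the use of password_hash() in place of MD5() are assumptions of this example; it needs PHP 7.1+ with pdo_sqlite.

```php
<?php
// Added example with constructed data; in-memory SQLite so it runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userId INTEGER PRIMARY KEY, userName TEXT, userPass TEXT)');

// Assumption: store a salted password_hash() value rather than a bare MD5 digest.
$ins = $db->prepare('INSERT INTO users (userName, userPass) VALUES (?, ?)');
$ins->execute(["O'Brien", password_hash('correct horse', PASSWORD_DEFAULT)]);

// Stand-in for the submitted form fields (constructed sample values).
$form = ['frmuser' => "O'Brien", 'frmpass' => 'correct horse'];

// 1) The thread's approach: the form value is pasted into the SQL text,
//    so the database parses it as part of the statement.
function lookupByConcatenation(PDO $db, array $form): string
{
    $query = "SELECT userId, userName, userPass FROM users WHERE userName = '"
           . $form['frmuser'] . "'";
    try {
        $db->query($query);
        return 'query ran';
    } catch (PDOException $e) {
        // The quote inside the name closed the string literal early.
        return 'SQL error: ' . $e->getMessage();
    }
}

// 2) Bound parameter: the SQL text is fixed and the value travels separately,
//    so quotes in the form data need no escaping and cannot alter the query.
function login(PDO $db, array $form): ?int
{
    $stmt = $db->prepare('SELECT userId, userPass FROM users WHERE userName = :user');
    $stmt->execute([':user' => $form['frmuser']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Compare the password in PHP against the stored hash.
    if ($row !== false && password_verify($form['frmpass'], $row['userPass'])) {
        return (int) $row['userId'];
    }
    return null;
}

echo lookupByConcatenation($db, $form), "\n";
var_dump(login($db, $form));
var_dump(login($db, ['frmuser' => "O'Brien", 'frmpass' => 'wrong']));
```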