Value not being Transferred into Function

maxudaskin · November 2, 2008

I have 2 post values, username and password, on one page, they can display their values, but when transferred into another function, the value is not transferred.

$login = new login();

$login_result = $login->confirmUser($_POST['username'],$_POST['password']);

into

<?php
class login
{
function confirmUser($username, $password)
{
	/**
	 * Undo Magic Quotes (if applicable)
	 */
	if(get_magic_quotes_gpc())
	{
		$username = stripslashes($username);
	}

	/**
	 * Prevent MySQL Injection
	 */
	$username = mysql_real_escape_string($username);

	/**
	 * Get the MD5 Hash of the password with salt
	 */
	$password = md5($password . SALT);

	/**
	 * Retrieve the applicable data
	 * 
	 * Matches the username column and the pilot id column to allow for either to be entered
	 */
	$sql    = 'SELECT * FROM ' . USERS_TABLE . ' WHERE `fullname` = ' . $username . ' OR `pilotid` = ' . $username;
	echo $sql;
	$query  = mysql_query($sql);
	$result = mysql_fetch_array($query);

	/**
	 * Check if there are any matches (if the username is correct)
	 */
	if(mysql_num_rows($query) == 0)
	{
		return 1;
	}

	/**
	 * Check the supplied password to the query result
	 */
	if($password != $result['password'])
	{
		return 2;
	}
	else
	{
		return 0;
	}
}
}

But the SQL being echoed is SELECT * FROM users WHERE `fullname` = OR `pilotid` =

corbin · November 2, 2008

I bet you don't have an open MySQL connection.

In that case mysql_real_escape_string would return false which would not show up in your string.

By the way, that SQL query is going to give you a syntax error since you aren't quoting the username and password.

Sign In

Value not being Transferred into Function

Recommended Posts

maxudaskin

Link to comment

Share on other sites

corbin

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information