pedrobcabral Posted January 28, 2007
[code]mysql_query("SELECT * FROM admin WHERE login='"{$_POST["login"]}"' AND password='"{$_POST["password"]}'"");[/code]
I can't deal with the " and ' ... I'm getting lost. Can anybody help me? Thank you.
https://forums.phpfreaks.com/topic/36096-quotation/
acp26b Posted January 28, 2007
[code]$form_password = $_POST['password'];
$form_login = $_POST['login'];
$mysqlquery = "Select * from admin a where a.login = '$form_login' and a.password = '$form_password'";
$mysqlresult = mysql_query($mysqlquery);[/code]
Jessica Posted January 28, 2007
Another possible solution is:
[code]mysql_query("SELECT * FROM admin WHERE login='".$_POST["login"]."' AND password='".$_POST["password"]."'");[/code]
However, this leaves you open to SQL injection. You need to properly sanitize user input.
acp26b Posted January 28, 2007
Run your form variables through this:
[code]function format($text) {
    $text = preg_replace("/\W/", " ", $text);
    return $text;
}[/code]
It will take out special chars to prevent injection, but it will also take out the @ symbol, so be careful if you are using an email address as the username or allowing special chars in the password; if so, you will need to tweak the regular expression a little.
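The side effect acp26b warns about is easy to see on real form values. The following is an added example, not code from the thread: it runs the thread's format() over a few constructed inputs, next to a hypothetical tweaked pattern that keeps the characters an e-mail login needs, and next to a validate-and-reject check that never rewrites the value at all. The function names format_keep_email and is_valid_login and the sample inputs are assumptions made for this example.

```php
<?php
// Added example (not from the thread): what the \W filter does to realistic
// form values, and two less lossy alternatives. All inputs are constructed.

// The function posted in the thread: every non-word character becomes a space.
function format(string $text): string {
    return preg_replace('/\W/', ' ', $text);
}

// Hypothetical tweak: also keep '@', '.', '+' and '-' so an e-mail address
// used as a login survives. Quotes and most other symbols are still replaced.
function format_keep_email(string $text): string {
    return preg_replace('/[^\w@.+-]/', ' ', $text);
}

// Alternative: validate instead of rewrite. A value that does not match one of
// the expected shapes (plain username or e-mail) is rejected rather than
// silently altered, so the caller can return an error to the user.
function is_valid_login(string $text): bool {
    return (bool) preg_match('/^[A-Za-z0-9_]{3,32}$/', $text)
        || (bool) preg_match('/^[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/', $text);
}

$samples = [
    "jane@example.com",   // e-mail as username: '@' and '.' are \W
    "o'neil",             // legitimate apostrophe in a name
    "P@ss w0rd!",         // password with symbols: becomes "P ss w0rd "
];

foreach ($samples as $s) {
    printf("%-18s  format(): %-18s  keep_email(): %-18s  valid login? %s\n",
        $s, format($s), format_keep_email($s), is_valid_login($s) ? 'yes' : 'no');
}
```

Running it shows why rewriting is a poor fit for passwords in particular: "P@ss w0rd!" and "P ss w0rd " both reduce to the same string, so distinct passwords collide after filtering, and a user who registered with one of them may not be able to log in later. Rejecting malformed logins and leaving passwords untouched (escaping or parameterising them at the query instead) avoids both problems.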
Jessica Posted January 28, 2007
...or you could just use mysql_real_escape_string, strip_tags, you know, the premade functions for that.
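To tie Jessica's two answers together, here is an added example (not code from the thread) that builds the same admin lookup three ways and runs each against an in-memory SQLite database, so it works offline without a MySQL server. It assumes PHP with the pdo_sqlite extension; the table, the row and the login value are constructed. Because mysql_real_escape_string needs a live MySQL connection and the whole mysql_* family was removed in PHP 7, the escaping step uses PDO::quote(), the driver-aware equivalent, and the third variant uses a prepared statement. The login value "o'neil" is a legitimate name, not an attack string; it is enough to show why raw concatenation breaks.

```php
<?php
// Added example (not from the thread): the admin lookup built three ways
// against an in-memory SQLite database. Assumes the pdo_sqlite extension.
// Table, row and form values below are constructed for the demonstration.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE admin (login TEXT, password TEXT)");
$db->exec("INSERT INTO admin VALUES ('o''neil', 'secret')");

// Stand-ins for $_POST['login'] / $_POST['password']: a legitimate login
// that happens to contain a single quote.
$login    = "o'neil";
$password = "secret";

// 1. Concatenation as in the thread (with the quotes fixed). The quote inside
//    the login value ends the SQL string literal early, so the query is
//    malformed and the database rejects it. The same mechanism is what lets
//    deliberately crafted input change the query's meaning.
$raw = "SELECT * FROM admin WHERE login='" . $login . "' AND password='" . $password . "'";
try {
    $db->query($raw);
    echo "1. raw query unexpectedly succeeded\n";
} catch (PDOException $e) {
    echo "1. raw query failed: " . $e->getMessage() . "\n";
}

// 2. Escaping. PDO::quote() returns the value already wrapped in quotes with
//    embedded quotes doubled, so the literal quotes are dropped from the SQL.
//    This is the role mysql_real_escape_string() played in the thread's era.
$escaped = "SELECT * FROM admin WHERE login=" . $db->quote($login)
         . " AND password=" . $db->quote($password);
$rows = $db->query($escaped)->fetchAll(PDO::FETCH_ASSOC);
echo "2. escaped query matched " . count($rows) . " row(s)\n";

// 3. Prepared statement. The values are sent separately from the SQL text and
//    never become part of it, so there is nothing to escape and the quoting
//    problem the thread started with does not arise.
$stmt = $db->prepare("SELECT * FROM admin WHERE login = :login AND password = :password");
$stmt->execute([':login' => $login, ':password' => $password]);
echo "3. prepared statement matched " . count($stmt->fetchAll(PDO::FETCH_ASSOC)) . " row(s)\n";
```

Expected behaviour: variant 1 throws a syntax error, variants 2 and 3 each match one row. Two practitioner notes: strip_tags() removes HTML and PHP tags from a string and does nothing for SQL, so it belongs at the HTML output stage, not in front of a query; and the prepared-statement form is the one to standardise on, since it is correct regardless of which characters the user typed.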
acp26b Posted January 28, 2007
Always got to one up everyone huh jesirose? :P
irken Posted January 28, 2007
[quote author=acp26b link=topic=124447.msg515614#msg515614 date=1170014715]Always got to one up everyone huh jesirose? :P[/quote]
It comes with the title: [b]PHPFreaks Recommended - Proficient[/b] ;D