biggerboy Posted October 21, 2007 Share Posted October 21, 2007 I am using this for login and a few other things instead of just returning the value like 'this is the value' is is returning it like 'this is the value''this is the value. I couldn't see the cause maybe someone here can. Thanks! my code for the sql_sant is: function sql_sant($value) { if( get_magic_quotes_gpc() ) { $value = stripslashes($value); } //check if this function exists if( function_exists( "mysql_real_escape_string" ) ) { if (!is_numeric($value)) { $value = "'" . mysql_real_escape_string($value) . "'"; } else { $value = mysql_real_escape_string($value); } } //for PHP version < 4.3.0 use addslashes else { if(!is_numeric($value)) { $value = "'" . addslashes($value) . "'"; } else { $value = addslashes($value); } } return $value; } My code for login.php is: require("header.php"); if(isset($_SESSION['username'])) { header('Location: index.php '); } if($_POST['action'] == 'login') { $username = $_POST['username']; $username = sql_sant($username); $password = $_POST['password']; $password = sql_sant($username); echo $username; if(login($username,$password)) { header('Location: index.php'); } else { $error_message = "Invalid username/password"; Quote Link to comment Share on other sites More sharing options...
MadTechie Posted October 21, 2007 Share Posted October 21, 2007 I see it <?php $username = $_POST['username']; $username = sql_sant($username); $password = $_POST['password']; $password = sql_sant($username); //<--SURELY You MEAN $password not $Username ?> Quote Link to comment Share on other sites More sharing options...
biggerboy Posted October 21, 2007 Author Share Posted October 21, 2007 Wow can't believe I missed that, I will test it. Thanks always can use another set of eyes. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.