Jump to content

Recommended Posts

I'm writing an "employee information" application that allows employees to track accrued leave, benefits, etc.... I had been using their employee number as the username and SSN as the password. I've just been told that they want me to use just the last four of the SSN for security purposes.

 

The database field has the entire SSN. I can use the following line...

 

$lastfour = substr($_SESSION['password'], -4); // returns last four of password

 

... to truncate it to just the last four digits.

 

But my question is, how do I incorporate $lastfour into the query? The WHERE part of the query is:

 

WHERE ((M2.[EMPNO] = '".$_POST['empcode']."' and 
M2.[MSSNO] = '".$_POST['password']."') or (M2.[MSSNO] = '".$_SESSION['password']."' and M2.[EMPNO] = '".$_SESSION['empcode']."'))

 

Since the $lastcode function uses the SSN as pulled from M2.[MSSNO], I'm assuming that it doesn't "exist" until after the query is ran. Or am I wrong about that?

 

Cliffnotes:

 

Instead of using the entire SSN from the database, I want to use the last four digits as determined by the $lastfour function.

 

 

 

Link to comment
https://forums.phpfreaks.com/topic/84357-solved-help-with-a-query-problem/
Share on other sites

WHERE ((M2.[EMPNO] = '".$_POST['empcode']."' and 
M2.[MSSNO] = 'SUBSTRING(".$_POST['password']."')-4) or (M2.[MSSNO] = '".$_SESSION['password']."' and M2.[EMPNO] = '".$_SESSION['empcode']."'))

 

you could use SUBSTRING -4 dont no how theo m8

I'm already using the substr() function (see above), but I'm having a very hard time using it in the query. Maybe it's a syntax problem.

 

Basically, I want to say WHERE

 

substr(M2.[MSSNO], -4)

 

...is equal to

 

$_SESSION['password']

 

Have I missed something here or is the problem that I'm using the wrong syntax in the query?

 

Their $_POST['password'] is 4 digits right?

 

SUBSTRING (M2.[MSSNO]-4) = '".$_POST['password']."'

 

Thanks, but this crashes everything.

 

The entire WHERE statement is:

 

WHERE ((M2.[EMPNO] = '".$_POST['empcode']."' and 
M2.[MSSNO] = '".$_POST['password']."') or (M2.[MSSNO] = '".$_SESSION['password']."' and M2.[EMPNO] = '".$_SESSION['empcode']."'))

 

 

 

This crashes?

Post the error if it does.

 


WHERE ((M2.[EMPNO] = '".$_POST['empcode']."' and 
SUBSTRING (M2.[MSSNO]-4) = '".$_POST['password']."') or (SUBSTRING (M2.[MSSNO]-4) = '".$_SESSION['password']."' and M2.[EMPNO] = '".$_SESSION['empcode']."'))

  • 2 weeks later...

If it doesn't work, I would paste the whole query into the MySQL forums here for someone to look at.

 

Sorry I let this go for a while. I was off for a week.

 

Anyway, here's the WHERE portion:

 

WHERE ((M2.[EMPNO] = '".$_POST['empcode']."' and 
M2.[MSSNO] = '".$_POST['password']."') or (M2.[MSSNO] = '".$_SESSION['password']."' and M2.[EMPNO] = '".$_SESSION['empcode']."'))

 

I want to only use the last four digits of M2.[MSSNO] by truncating it with substr().

 

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.