Moron Posted January 3, 2008 Share Posted January 3, 2008 I'm writing an "employee information" application that allows employees to track accrued leave, benefits, etc.... I had been using their employee number as the username and SSN as the password. I've just been told that they want me to use just the last four of the SSN for security purposes. The database field has the entire SSN. I can use the following line... $lastfour = substr($_SESSION['password'], -4); // returns last four of password ... to truncate it to just the last four digits. But my question is, how do I incorporate $lastfour into the query? The WHERE part of the query is: WHERE ((M2.[EMPNO] = '".$_POST['empcode']."' and M2.[MSSNO] = '".$_POST['password']."') or (M2.[MSSNO] = '".$_SESSION['password']."' and M2.[EMPNO] = '".$_SESSION['empcode']."')) Since the $lastcode function uses the SSN as pulled from M2.[MSSNO], I'm assuming that it doesn't "exist" until after the query is ran. Or am I wrong about that? Cliffnotes: Instead of using the entire SSN from the database, I want to use the last four digits as determined by the $lastfour function. Link to comment https://forums.phpfreaks.com/topic/84357-solved-help-with-a-query-problem/ Share on other sites More sharing options...
redarrow Posted January 3, 2008 Share Posted January 3, 2008 WHERE ((M2.[EMPNO] = '".$_POST['empcode']."' and M2.[MSSNO] = 'SUBSTRING(".$_POST['password']."')-4) or (M2.[MSSNO] = '".$_SESSION['password']."' and M2.[EMPNO] = '".$_SESSION['empcode']."')) you could use SUBSTRING -4 dont no how theo m8 Link to comment https://forums.phpfreaks.com/topic/84357-solved-help-with-a-query-problem/#findComment-429680 Share on other sites More sharing options...
redarrow Posted January 3, 2008 Share Posted January 3, 2008 http://dev.mysql.com/doc/refman/5.0/en/string-functions.html#function_substring SUBSTRING mysql function Link to comment https://forums.phpfreaks.com/topic/84357-solved-help-with-a-query-problem/#findComment-429683 Share on other sites More sharing options...
Moron Posted January 3, 2008 Author Share Posted January 3, 2008 I'm already using the substr() function (see above), but I'm having a very hard time using it in the query. Maybe it's a syntax problem. Basically, I want to say WHERE substr(M2.[MSSNO], -4) ...is equal to $_SESSION['password'] Have I missed something here or is the problem that I'm using the wrong syntax in the query? Link to comment https://forums.phpfreaks.com/topic/84357-solved-help-with-a-query-problem/#findComment-429717 Share on other sites More sharing options...
revraz Posted January 3, 2008 Share Posted January 3, 2008 Their $_POST['password'] is 4 digits right? SUBSTRING (M2.[MSSNO]-4) = '".$_POST['password']."' Link to comment https://forums.phpfreaks.com/topic/84357-solved-help-with-a-query-problem/#findComment-429722 Share on other sites More sharing options...
Moron Posted January 3, 2008 Author Share Posted January 3, 2008 Their $_POST['password'] is 4 digits right? SUBSTRING (M2.[MSSNO]-4) = '".$_POST['password']."' Thanks, but this crashes everything. The entire WHERE statement is: WHERE ((M2.[EMPNO] = '".$_POST['empcode']."' and M2.[MSSNO] = '".$_POST['password']."') or (M2.[MSSNO] = '".$_SESSION['password']."' and M2.[EMPNO] = '".$_SESSION['empcode']."')) Link to comment https://forums.phpfreaks.com/topic/84357-solved-help-with-a-query-problem/#findComment-429728 Share on other sites More sharing options...
revraz Posted January 3, 2008 Share Posted January 3, 2008 This crashes? Post the error if it does. WHERE ((M2.[EMPNO] = '".$_POST['empcode']."' and SUBSTRING (M2.[MSSNO]-4) = '".$_POST['password']."') or (SUBSTRING (M2.[MSSNO]-4) = '".$_SESSION['password']."' and M2.[EMPNO] = '".$_SESSION['empcode']."')) Link to comment https://forums.phpfreaks.com/topic/84357-solved-help-with-a-query-problem/#findComment-429735 Share on other sites More sharing options...
revraz Posted January 3, 2008 Share Posted January 3, 2008 If it doesn't work, I would paste the whole query into the MySQL forums here for someone to look at. Link to comment https://forums.phpfreaks.com/topic/84357-solved-help-with-a-query-problem/#findComment-429737 Share on other sites More sharing options...
Moron Posted January 14, 2008 Author Share Posted January 14, 2008 If it doesn't work, I would paste the whole query into the MySQL forums here for someone to look at. Sorry I let this go for a while. I was off for a week. Anyway, here's the WHERE portion: WHERE ((M2.[EMPNO] = '".$_POST['empcode']."' and M2.[MSSNO] = '".$_POST['password']."') or (M2.[MSSNO] = '".$_SESSION['password']."' and M2.[EMPNO] = '".$_SESSION['empcode']."')) I want to only use the last four digits of M2.[MSSNO] by truncating it with substr(). Link to comment https://forums.phpfreaks.com/topic/84357-solved-help-with-a-query-problem/#findComment-438817 Share on other sites More sharing options...
Moron Posted January 14, 2008 Author Share Posted January 14, 2008 I figured it out. Thanks, everyone. Link to comment https://forums.phpfreaks.com/topic/84357-solved-help-with-a-query-problem/#findComment-439104 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.