mcondiff


  1. I am having a hard time figuring out how I would achieve URL masking (if that's what they use) on Myspace. I need for users to be able to look at a profile using http://www.mysite.com/tomjones. However, right now I have something to the effect of http://www.mysite.com/profile.php?profile=tomjones. Is it possible to mask the URL from profile.php?profile=tomjones to mysite.com/tomjones? I have read that I can do it in frames or by editing the .htaccess file in Apache. Can someone point me in the right direction? Thanks, Mike
  2. I'm having real trouble with quote_smart() from PHP. I need to know how to include a "quote_smart"ed variable in a SQL prepared statement. quote_smart() puts single quotes around all string vars, and my db has matching values and appropriate single quotes around the values. I am getting "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'mikec@xyz.com''' at line 1". The way I have it seems to have an extra single quote at the end, but I can't tell where it's coming from. Can someone help?

         <?php
         session_start();
         require_once 'config.php';

         function connect_db() {
             // Standalone function, so the link is kept in a local variable rather than $this
             $db_connection = mysql_connect(SERVER_NAME, DB_USER, DB_PASSWORD) or die ('Unable to connect to Database!');
             mysql_select_db(DB_NAME);
         }

         function quote_smart($value) {
             // Stripslashes
             if (get_magic_quotes_gpc()) {
                 $value = stripslashes($value);
             }
             // Quote if not a number or a numeric string
             if (!is_numeric($value)) {
                 $value = "'" . mysql_real_escape_string($value) . "'";
             }
             return $value;
         }

         connect_db(); //connects to db fine

         $legal = "mikec@xyz.com"; // pre quote_smart
         $legal = quote_smart($legal); // post quote_smart

         $query = "SELECT * FROM users WHERE email = '$legal'";
         $user = mysql_query($query) or die(mysql_error());
         $numFound = mysql_num_rows($user);
         echo $numFound;

         $x = mysql_result($user,0,"email");
         $y = mysql_result($user,0,"pass");
         echo '<br> user-> '. $x;
         echo '<br> pass-> '. $y;
         ?>

     It's a login script that I'm using as part of a base application class, but this is easier to read. Does anyone have an example of anything they've done using quote_smart, or just tell me the standard/preferred way of using it to prevent SQL injection? I'm at a loss here. Thanks, Mike
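The quoting question in the second post, worked through as an added example that is not part of the original post: a value that a quote_smart()-style helper has already quoted is wrapped in quotes a second time, then used as-is, then replaced by a bound parameter. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL server, `PDO::quote()` stands in for `mysql_real_escape_string()` plus the added quotes, the row is constructed sample data, and `quote_like_quote_smart()`, `run()` and `find_user()` are hypothetical helper names.

```php
<?php
// Added example: in-memory SQLite via PDO stands in for the MySQL server (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (email TEXT, pass TEXT)");
// Constructed sample row.
$pdo->prepare("INSERT INTO users (email, pass) VALUES (?, ?)")
    ->execute(['mikec@xyz.com', 'constructed-hash-placeholder']);

// Hypothetical helper mirroring quote_smart(): it escapes the value AND
// adds the surrounding single quotes (PDO::quote() does both).
function quote_like_quote_smart(PDO $pdo, $value) {
    return is_numeric($value) ? $value : $pdo->quote($value);
}

// Hypothetical helper: row count for a query, or the driver's error text.
function run(PDO $pdo, $sql) {
    try {
        return count($pdo->query($sql)->fetchAll());
    } catch (PDOException $e) {
        return 'error: ' . $e->getMessage();
    }
}

// Hypothetical helper: the value travels separately from the SQL text,
// so it needs no escaping and no quotes in the statement.
function find_user(PDO $pdo, $email) {
    $stmt = $pdo->prepare("SELECT email, pass FROM users WHERE email = ?");
    $stmt->execute([$email]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$email  = "mikec@xyz.com";
$quoted = quote_like_quote_smart($pdo, $email);

// 1. Quoted twice: the helper's quotes plus the quotes in the SQL string.
$twice = "SELECT * FROM users WHERE email = '$quoted'";
// 2. Quoted once: the helper's output is placed in the SQL string as-is.
$once  = "SELECT * FROM users WHERE email = $quoted";

echo $twice, "\n  => ", run($pdo, $twice), "\n";
echo $once,  "\n  => ", run($pdo, $once), "\n";

// 3. Bound parameter: a value containing quotes is compared as plain data.
echo "prepared, stored address    => ", count(find_user($pdo, $email)), "\n";
echo "prepared, value with quotes => ", count(find_user($pdo, "x' OR '1'='1")), "\n";
```

With a prepared statement the quoting helper is not used at all; the placeholder `?` appears in the SQL without quotes around it.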