The macosxhints Forums

PHP help (http://hintsforums.macworld.com/showthread.php?t=84860)

ryans 01-26-2008 10:04 PM

ok.. I think I would use an echo instead of that, like this:

--regular member pages
Code:

$mmquery = "SELECT * from accounts WHERE login='$name' && password='$password'";
$mmresult = mysql_query($mmquery);
$mmthisrow = mysql_fetch_array($mmresult, MYSQL_ASSOC);

if($mmthisrow['GM'] == '%z%'){
echo "<a href=\"admin/panel/index.php\">Admin Area</a>";
}

and then for the admin pages themselves:
Code:

$pagequery = "SELECT * from accounts WHERE login='$name' && password='$password'";
$pageresult = mysql_query($pagequery);
$pagethisrow = mysql_fetch_array($pageresult, MYSQL_ASSOC);
if($pagethisrow == '%z%'){
?>
<!-- copy page code here -->
<?
}
else{
echo "Sorry, your not a Admin";
};
?>


ryans 01-26-2008 10:05 PM

am i using the '&&' right?

acme.mail.order 01-26-2008 10:09 PM

What's this?
Quote:

Originally Posted by ryans (Post 446001)
if($mmthisrow['GM'] == '%z%'){

Are you actually storing the values exactly like that? "%z%"?? Why?

Quote:

echo "<a href=\"admin/panel/index.php\">Admin Area</a>";
Now you have to work up a completely separate authentication system for the admin/panel area. Doubles your work.

tw 01-26-2008 10:28 PM

Quote:

Originally Posted by ryans (Post 446002)
am i using the '&&' right?

&& is php code - use the word and inside mysql statements

ryans 01-26-2008 10:35 PM

alright, will do..

and I won't have to do double the work.. what do you mean?

acme.mail.order 01-26-2008 10:45 PM

Quote:

Originally Posted by tw (Post 446012)
&& is php code - use the word and inside mysql statements

Mysql (at least mysql5) recognizes && as a logical AND.

Quote:

Originally Posted by ryans (Post 446013)
alright, will do..

and I won't have to do double the work.. what do you mean?

Linking to another page after authentication doesn't protect the other page. Anyone who knows the address can access it. So you now need to re-authenticate the user, either with POST data (bad), a cookie (better), an encrypted cookie (best) or Yet Another Login Form.

However, if you include a page fragment after authentication you not only hide the code, you hide the code's location as the file name never has to be presented to the user.

ryans 01-26-2008 10:52 PM

no.. i could use the same system that allows the user to see the link...

anyways I am kinda new at php... I wouldn't know about using the cookies...

thanks
ryans

tw 01-26-2008 10:57 PM

Quote:

Originally Posted by acme.mail.order (Post 446016)
Mysql (at least mysql5) recognizes && as a logical AND.

ah, sorry - I'm stuck using mysql 4 until my server upgrades (which might be about the time mysql 12 comes out - universities, I tell ya...)

acme.mail.order 01-26-2008 11:13 PM

And here I thought universities were supposed to be at the leading edge of everything - technology, knowledge, drinking contests etc.

tw 01-26-2008 11:24 PM

Quote:

Originally Posted by acme.mail.order (Post 446027)
And here I thought universities were supposed to be at the leading edge of everything - technology, knowledge, drinking contests etc.

yeah, well. university bureaucracies do to professors what some professors do to lab rats. karma, I suppose... but it does help us keep ahead on the drinking contests. :D

ryans 01-30-2008 02:37 PM

no.. i need the %z%

because it's a WILDCARD

acme.mail.order 01-30-2008 06:38 PM

% is a SQL wildcard, it is not stored in the database that way. And you've used it in a PHP function, not a database context. The PHP == operator will treat what you typed as literal text. You need to read the PHP manual section on string functions. And if you use it in SQL as a wildcard you can't use the equality operator. Read the SQL manual section on string functions too.

ryans 01-30-2008 08:09 PM

so, even though I need the wild card, I don't put it in?

Weird.. I will give it a try though..

acme.mail.order 01-31-2008 12:16 AM

You are trying to use a SQL wildcard in a PHP operation. Won't work.

This:
Code:

$pagethisrow = mysql_fetch_array($pageresult, MYSQL_ASSOC);
if($pagethisrow == '%z%')

will never match. Ever. In the first line, $pagethisrow becomes an array. In the second row, you ask "is this array variable equal to this 3-character text string?" As oranges are not toasters it will always return false.

This:
Code:

$mmresult = mysql_query($mmquery);
$mmthisrow = mysql_fetch_array($mmresult, MYSQL_ASSOC);

if($mmthisrow['GM'] == '%z%'){

is better, as it has a chance of matching. But this is a literal string comparison - there is no wildcard character. You need to use something like:
Code:

if( false !== strpos($mmthisrow['GM'], 'z') ) {

The proper use of '%' as a wildcard is in the SELECT query, for example

Code:

SELECT * from accounts WHERE login='$name' && password='$password' && GM LIKE '%z%'
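
An added example, not part of any post in this thread: one way to apply the two points made above, that every admin page has to repeat the check itself and that the GM test is a substring test on one column of the fetched row. It assumes PDO with an in-memory SQLite database standing in for MySQL, a constructed accounts table with hashed passwords, and hypothetical function names; it also binds the login as a query parameter instead of interpolating it into the SQL string.

```php
<?php
// Added example, not code from the thread. Table layout, sample rows and
// function names are assumptions; SQLite in memory stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE accounts (login TEXT PRIMARY KEY, password TEXT, GM TEXT)");
$ins = $db->prepare("INSERT INTO accounts VALUES (?, ?, ?)");
// Constructed sample accounts; passwords are stored as hashes (an assumption).
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 'az']);
$ins->execute(['bob',   password_hash('hunter2', PASSWORD_DEFAULT), 'a']);

/** Returns the account row for valid credentials, or null. */
function authenticate(PDO $db, string $name, string $password): ?array
{
    // The placeholder keeps $name out of the SQL text, unlike login='$name'.
    $stmt = $db->prepare("SELECT login, password, GM FROM accounts WHERE login = ?");
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // array on a hit, false on a miss
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return $row;
}

/** True only when the GM column contains the letter z. */
function isAdmin(?array $row): bool
{
    // Compare the column, not the whole row, and test for a substring.
    return $row !== null && strpos((string) $row['GM'], 'z') !== false;
}

/** Runs at the top of every admin page, not only where the link is printed. */
function adminPage(PDO $db, string $name, string $password): string
{
    if (!isAdmin(authenticate($db, $name, $password))) {
        return "Sorry, you're not an Admin";
    }
    return "<!-- admin page body, included only after the check -->";
}

echo adminPage($db, 'alice', 'correct horse'), "\n"; // admin body: GM contains z
echo adminPage($db, 'bob', 'hunter2'), "\n";         // refused: valid login, GM has no z
echo adminPage($db, "o'brien", 'x'), "\n";           // refused: the quote is data, not SQL
```

On a real site the credentials passed to adminPage() would come from whatever session state the login step established; they are passed directly here only to keep the block runnable on its own.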

ryans 01-31-2008 03:02 PM

alright thanks


All times are GMT -5.