> The former:
>
> $sql= "SELECT * FROM tbl_authenticate WHERE username =
> '{$_SERVER['HTTP_AUTH_USER']}' AND password = '{$_SERVER['HTTP_AUTH_PW']}'";
>
> and the latter:
>
> $sql= "SELECT * FROM tbl_authenticate WHERE username =
> '".$_SERVER['HTTP_AUTH_USER']."' AND password =
> '".$_SERVER['HTTP_AUTH_PW']."'";
>
> I prefer the latter since it's a bit easier to read IMO.

Another alternative:

$sql = <<<END
SELECT *
FROM tbl_authenticate
WHERE username = '%s'
AND password = '%s';
END;

$psql = sprintf($sql,
    pg_escape_string($_SERVER['HTTP_AUTH_USER']),
    pg_escape_string($_SERVER['HTTP_AUTH_PW']));