Jason Pruim wrote:
So I was supposed to go home a half hour ago but that didn't happen... I
hate deadlines! :P
Can someone tell me why this code works for setting the table name:
function authentication($user, $pass, $authenticated, $table){
// Keep in mind, PASSWORD has meaning in MySQL
// Do your string sanitizing here
// (e.g. - $user = mysql_real_escape_string($_POST['user']);)
$salt = "salt";
$salt1 = $salt;
$salt1 .= $pass;
$password = md5("$salt1");
$loginQuery = "SELECT * FROM current WHERE
loginName='".$user."' AND loginPassword='".$password."' LIMIT 0,1;";
$loginResult = mysql_query($loginQuery) or die("Wrong data
supplied or database error" .mysql_error());
while($row1 = mysql_fetch_array($loginResult)) {
$_SESSION['user'] = $row1['loginName'];
$_SESSION['loggedin'] = "YES";
$authenticated = "true";
$_SESSION['table'] = $row1['tableName'];
}
return $table;
return $authenticated;
}
But this code doesn't:
function authentication($user, $pass, $authenticated, $table){
// Keep in mind, PASSWORD has meaning in MySQL
// Do your string sanitizing here
// (e.g. - $user = mysql_real_escape_string($_POST['user']);)
$salt = "salt";
$salt1 = $salt;
$salt1 .= $pass;
$password = md5("$salt1");
$loginQuery = "SELECT * FROM current WHERE
loginName='".$user."' AND loginPassword='".$password."' LIMIT 0,1;";
$loginResult = mysql_query($loginQuery) or die("Wrong data
supplied or database error" .mysql_error());
while($row1 = mysql_fetch_array($loginResult)) {
$_SESSION['user'] = $row1['loginName'];
$_SESSION['loggedin'] = "YES";
$authenticated = "true";
$table = $row1['tableName'];
}
return $table;
return $authenticated;
} \
the query that I'm using is simply this: $query = "SELECT * FROM
".$_SESSION['table']." order by ".$sortOrder."";
Or this: $query = "SELECT * FROM ".$table." order by ".$sortOrder."";
Depending on if you use the working or the non-working code :)
Any ideas?
--
Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
japruim@xxxxxxxxxx
The only difference I'm seeing is you're assigning the
$row1['tableName'] to $table rather than $_SESSION['table']. Is that
intended? $table isn't defined in the top function, so it would most
likely return null.
Also, since you're only expecting one result, you could do away with the
while loop and just run $row1 = mysql_fetch_array($loginResult). It
would accomplish the same goal (nitpicking... sorry).
Also, why are there two return statements? The second will never run.
Maybe I missed something though.
--
Ray Hauge
www.primateapplications.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
