On Wed, Feb 27, 2008 at 4:55 PM, Jason Pruim <japruim@xxxxxxxxxx> wrote:
> So I was supposed to go home a half hour ago but that didn't happen...
> I hate deadlines! :P
>
> Can someone tell me why this code works for setting the table name:
>
> function authentication($user, $pass, $authenticated, $table){
>
> // Keep in mind, PASSWORD has meaning in MySQL
> // Do your string sanitizing here
> // (e.g. - $user = mysql_real_escape_string($_POST['user']);)
> $salt = "salt";
> $salt1 = $salt;
> $salt1 .= $pass;
>
> $password = md5("$salt1");
> $loginQuery = "SELECT * FROM current WHERE loginName='".$user."'
> AND loginPassword='".$password."' LIMIT 0,1;";
> $loginResult = mysql_query($loginQuery) or die("Wrong data supplied
> or database error" .mysql_error());
> while($row1 = mysql_fetch_array($loginResult)) {
> $_SESSION['user'] = $row1['loginName'];
> $_SESSION['loggedin'] = "YES";
> $authenticated = "true";
> $_SESSION['table'] = $row1['tableName'];
>
> }
> return $table;
> return $authenticated;
> }
>
> But this code doesn't:
>
> function authentication($user, $pass, $authenticated, $table){
>
> // Keep in mind, PASSWORD has meaning in MySQL
> // Do your string sanitizing here
> // (e.g. - $user = mysql_real_escape_string($_POST['user']);)
> $salt = "salt";
> $salt1 = $salt;
> $salt1 .= $pass;
>
> $password = md5("$salt1");
> $loginQuery = "SELECT * FROM current WHERE loginName='".$user."'
> AND loginPassword='".$password."' LIMIT 0,1;";
> $loginResult = mysql_query($loginQuery) or die("Wrong data supplied
> or database error" .mysql_error());
> while($row1 = mysql_fetch_array($loginResult)) {
> $_SESSION['user'] = $row1['loginName'];
> $_SESSION['loggedin'] = "YES";
> $authenticated = "true";
> $table = $row1['tableName'];
>
> }
> return $table;
> return $authenticated;
> } \
>
>
> the query that I'm using is simply this: $query = "SELECT * FROM ".
> $_SESSION['table']." order by ".$sortOrder."";
>
> Or this: $query = "SELECT * FROM ".$table." order by ".$sortOrder."";
>
> Depending on if you use the working or the non-working code :)
>
> Any ideas?
>
> --
>
> Jason Pruim
> Raoset Inc.
> Technology Manager
> MQC Specialist
> 3251 132nd ave
> Holland, MI, 49424-9337
> www.raoset.com
> japruim@xxxxxxxxxx
>
>
Why do your functions have two returns? Only the first one will be
executed. In your first function, $table is unaltered and returned as
the result of the function, while $_SESSION['table'] gets the value of
$row1['tableName']. In the second one, $table gets the value of
$row1['tableName'] and then gets returned.
In both, you are setting $authenticated to a string "true" when you
should probably use a boolean TRUE; however, neither function actually
returns the value since both functions exit on the previous return
statement.
Andrew
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
