Nope, quotes are not visible in the output.
Both the HTML and the script it calls are shown below. They are in 2
separate files. The variable names in both are "user" and "password".
The data comes through to the PHP script fine - if I print them I see
exactly what I typed in the form, but when I pass them to my DB host on
another server via mysql_connect it give me an error.
HTML:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
<html xmlns="http://www.w3.org/1999/xhtml";>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Admin</title>
<style type="text/css">
.desw { font-family: Arial, Helvetica, sans-serif; }
</style>
</head>
<body>
<div align="center">
<p> </p>
<p><img src="../images/web_logo_admin.png" alt="0" width="221"
height="134" border="0" /></p>
<p class="desw"> </p>
<p class="desw"><strong>Please log in.</strong></p>
<p class="desw"> </p>
<form id="form1" name="form1" action="../wservices/connect.php"
method="post">
<p>User: <input type="text" name="user" id="user" /></p>
<p>Password: <input type="password" name="password" id="password"
/></p>
<p><input type="submit" name="login" id="login" value="Login" /></p>
</form>
<p class="desw"> </p>
<p class="desw"> </p>
</div>
<p> </p>
<p> </p>
</body>
</html>
PHP:
<?php
# Add redirect page for errors
header( "Location: ../admin/login_error.html" );
# Server info
$host = "instance43490.db.xeround.com:8904";
# Get user & pass from input form
$form_user = $_POST[ 'user' ];
$form_pass = $_POST[ 'password' ];
echo "<p>User: " . $form_user . "</p>";
echo "<p>Pass: " . $form_pass . "</p>";
# Connect to remote DB
$WSDB_LINK = mysql_connect( $host, $form_user, $form_pass );
if( !$WSDB_LINK )
{
error_log( "NeverStranded: cannot connect to the database." );
}
else
{
......
}
?>
On 4/19/13 2:13 PM, Matijn Woudt wrote:
On Fri, Apr 19, 2013 at 10:59 PM, Glob Design Info <info@xxxxxxxxxxxxxx>wrote:
Already did that. I printed the form values in the PHP script after they
are received and they print exactly as entered in the form. Even checked
for extra spaces.
Any functions I can pass the values to to remove the magic quotes?
Thanks,
You would see the quotes if they were there in the output. There's no
reason why it should not work this way, though I doubt it's safe to do. Can
you show us the rest of the code, including the HTML form?
And exactly what error are you getting? (eg. from mysql_error())
On 4/19/13 1:47 PM, Matijn Woudt wrote:
On Fri, Apr 19, 2013 at 10:43 PM, Glob Design Info <info@xxxxxxxxxxxxxx
wrote:
I know this has probably been answered already.
When I pass a user name and password from a form to my PHP script and
then
pass those to mysql_connect it doesn't connect. When I paste those exact
same values into mysql_connect as string literals it works.
Can anyone tell me why this happens?
I know the strings are identical to the literals I try in a test but they
don't work when submitted via form.
$form_user = $_POST[ 'user' ];
$form_pass = $_POST[ 'password' ];
# Connect to remote DB
$LINK = mysql_connect( $host, $form_user, $form_pass );
And yes, my $host param is correct.
Thanks,
Try printing the $form_user and form_pass values, it might be that it's
just an error elsewhere, maybe field name is different in the html?
Otherwise, it might be you have some php init setting, like magic quotes
that does something with the input data.
- Matijn
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
