[FX.php List] character encoding issue?
Bob Patin
bob at patin.com
Tue Feb 21 08:34:20 MST 2006
Guys,
I'm not sure why you're having so much trouble with this. I use a
login page with emails all the time, and I've not had to do any
character replacing to make it work.
I use
AddDBParam('email','==' . $email);
on a bunch of different sites and it works fine. It won't work
without an exact match, and the @ sign causes no trouble at all.
Best,
Bob Patin
Longterm Solutions
bob at longtermsolutions.com
615-333-6858
http://www.longtermsolutions.com
CONTACT US VIA SKYPE:
USERNAME: longtermsolutions
CONTACT US VIA INSTANT MESSAGING:
AIM or iChat: longterm1954
Yahoo: longterm_solutions
MSN: bob at patin.com
ICQ: 159333060
On Feb 21, 2006, at 9:28 AM, Dale Bengston wrote:
> Hi Michael,
>
> I hit on something similar. Whenever a user's profile is modified,
> I use str_replace to add a modified, searchable version of their
> email to another field via FX:
> $username = str_replace('@','|',$_POST['email'])
>
> So, when a user profile record is modified, the email field in FMP
> contains a valid email: 'dbengston at domain.com', and the search-in
> field has: 'dbengston|domain.com'.
>
> (I could use a calc field and Substitute to have a dynamic version
> of this, but that will slow down searches if the number of users
> gets big. So I decided to stuff the searchable email into a static,
> indexable text field.)
>
> Then I use str_replace again to replace the '@' character in the
> user-entered email
> str_replace('@','|',$_POST['user'])
>
> ...before I pass it to FMP in the FX login query.
>
> -Dale
>
> On Feb 18, 2006, at 1:49 PM, Michael Layne wrote:
>
>> Hi all,
>>
>> I've been using this for quite a while with solid results...
>>
>> PHP:
>> $user = str_replace("@","",$_POST['user']);
>> $userpass = $user . "." . $_POST['pass']; // the 'period' can be
>> whatever, or nothing, just concatenate the two values on both PHP
>> and FM sides
>>
>> $q = new FX($ip, $port);
>> $q->SetDBData($fmdb,'users');
>> $q->SetDBPassword($fmpw[0],$fmpw[1]);
>> $q->AddDBParam('email_password','==' . $userpass);
>> $r = $q->FMFind();
>>
>> FileMaker:
>> field = email_password(calc):
>> Substitute ( email ; "@" ; "" )& "." & password
>>
>> HTH,
>>
>> Michael
>>
>>
>> DC wrote:
>>> andy,
>>>
>>> be super careful passing superglobals directly into FMP.
>>> the code you posted below might be exploited by sending this:
>>>
>>> http://site.com/login.php?username=*
>>>
>>> try it and let us know what you find. the "eq" parameter might
>>> give you some protection against this asterisk, but i think even
>>> that could be thwarted by some clever request.
>>>
>>> best rule is... don't pass user input directly to anything until
>>> it has been sanitized.
>>>
>>> dan
>>>
>>> On Feb 16, 2006, at 6:55 PM, Andy Gaunt wrote:
>>>
>>>> $query->AddDBParam( 'email',
>>>> str_replace('@','\@',$_REQUEST['username']),"eq" );
>>>
>>> _______________________________________________
>>> FX.php_List mailing list
>>> FX.php_List at mail.iviking.org
>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>
>>
>>
>>
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.iviking.org/pipermail/fx.php_list/attachments/20060221/c05086a9/attachment-0001.html
More information about the FX.php_List
mailing list