[FX.php List] Errors searching for email addresses
Bob Patin
bob at patin.com
Mon Jan 26 10:29:05 MST 2009
This is an often-discussed topic; the other thing to consider is that
users can use wildcards to spoof your login system.
Here's what I use in my web apps to validate username and password:
$query->AddDBParam('username',"==".preg_replace('/([@*#?!=<>"])/','\\\$
{1}',$username));
$query->AddDBParam('password',"==".preg_replace('/([@*#?!=<>"])/','\\\$
{1}',$password));
I forget who originally posted this, but it's very useful...
Hope this helps,
Bob Patin
Longterm Solutions LLC
bob at longtermsolutions.com
615-333-6858
http://www.longtermsolutions.com
Twitter: bobpatin
iChat/AIM: bobpatin
FileMaker 9 Certified Developer
Member of FileMaker Business Alliance & TechNet
--------------------------
FileMaker hosting and consulting for all versions of FileMaker
PHP • Full email services • Free DNS hosting • Colocation • Consulting
On Jan 26, 2009, at 11:13 AM, luke at soundtoys.com wrote:
> I am using fx.php to check login credentials against our FM db and
> the username is the customers email address. I keep getting a 401
> error (no matching records) because of the @ being a special symbol
> in FM. How do I pass the data as an argument for AddDBParam() such
> that it recognizes the '@' as the actual character not the special
> symbol.
>
> Thanks in advance,
>
> --
>
> /***************************
> * Luke Awtry
> * Audio Plugin Developer
> * SoundToys, Inc.
> * 802.951.9700 x207
> * luke at soundtoys.com
> ***************************/
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.iviking.org/pipermail/fx.php_list/attachments/20090126/cc72f954/attachment.html
More information about the FX.php_List
mailing list