[FX.php List] character encoding issue?
Michael Layne
fx at 9degrees.com
Sat Feb 18 12:49:12 MST 2006
Hi all,
I've been using this for quite a while with solid results...
PHP:
$user = str_replace("@","",$_POST['user']);
$userpass = $user . "." . $_POST['pass']; // the 'period' can be
// whatever, or nothing, just concatenate the two values on both PHP and FM
// sides
$q = new FX($ip, $port);
$q->SetDBData($fmdb,'users');
$q->SetDBPassword($fmpw[0],$fmpw[1]);
$q->AddDBParam('email_password','==' . $userpass);
$r = $q->FMFind();
FileMaker:
field = email_password(calc):
Substitute ( email ; "@" ; "" )& "." & password
HTH,
Michael
DC wrote:
> andy,
>
> be super careful passing superglobals directly into FMP.
> the code you posted below might be exploited by sending this:
>
> http://site.com/login.php?username=*
>
> try it and let us know what you find. the "eq" parameter might give
> you some protection against this asterisk, but i think even that could
> be thwarted by some clever request.
>
> best rule is... don't pass user input directly to anything until it
> has been sanitized.
>
> dan
>
> On Feb 16, 2006, at 6:55 PM, Andy Gaunt wrote:
>
>> $query->AddDBParam( 'email',
>>
>> str_replace('@','\@',$_REQUEST['username']),"eq" );
>>
>
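Added example, not part of the original thread or of FX.php: one way to apply the "sanitize user input before it reaches FileMaker" advice above to a login field. The function name `fm_literal`, the operator list and the sample inputs are assumptions made for this example; the backslash escape follows the `\@` form used in the quoted code.

```php
<?php
// Assumption: these are the single characters FileMaker find mode treats as
// operators. Check the list against the FileMaker version in use.
const FM_FIND_OPERATORS = ['\\', '@', '*', '#', '?', '!', '=', '<', '>', '"', '~'];

// Hypothetical helper: returns the value with every find operator escaped so it
// is matched literally, or null when the request should be refused outright.
function fm_literal($value, $maxLen = 254)
{
    // ?user[]=x arrives as an array; accept only a non-empty, bounded string.
    if (!is_string($value) || $value === '' || strlen($value) > $maxLen) {
        return null;
    }
    // Control characters have no place in a login field.
    if (preg_match('/[\x00-\x1F\x7F]/', $value)) {
        return null;
    }
    // Conservative choice: refuse the multi-character operators (range "..",
    // today's date "//") instead of trying to escape them.
    if (strpos($value, '..') !== false || strpos($value, '//') !== false) {
        return null;
    }
    // strtr() with an array makes one pass and never rescans its own output,
    // so the backslashes it inserts are not escaped a second time.
    $map = [];
    foreach (FM_FIND_OPERATORS as $op) {
        $map[$op] = '\\' . $op;
    }
    return strtr($value, $map);
}

// Constructed sample inputs, including the bare wildcard from the warning.
$samples = ['andy@example.com', '*', 'a*@example.com', 'a..z', ['x'], ''];
foreach ($samples as $s) {
    $r = fm_literal($s);
    echo var_export($s, true), ' => ', ($r === null ? 'REJECT' : $r), "\n";
}

// With FX.php (only calls that appear in this thread), the criterion is built
// from the checked value and the request is refused when the helper says so:
//   $email = fm_literal(isset($_POST['user']) ? $_POST['user'] : null);
//   if ($email === null) { /* show the login form again */ }
//   $query->AddDBParam('email', $email, 'eq');
```

Syntactic e-mail validation alone does not cover this, because a syntactically valid address may still contain characters that FileMaker reads as find operators.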