[FX.php List] character encoding issue?

Bob Patin bob at patin.com
Tue Feb 21 08:34:20 MST 2006


Guys,

I'm not sure why you're having so much trouble with this. I use a  
login page with emails all the time, and I've not had to do any  
character replacing to make it work.

I use

AddDBParam('email','==' . $email);

on a bunch of different sites and it works fine. It won't work  
without an exact match, and the @ sign causes no trouble at all.

Best,

Bob Patin
Longterm Solutions
bob at longtermsolutions.com
615-333-6858
http://www.longtermsolutions.com

   CONTACT US VIA SKYPE:
      USERNAME: longtermsolutions

   CONTACT US VIA INSTANT MESSAGING:
      AIM or iChat: longterm1954
      Yahoo: longterm_solutions
      MSN: bob at patin.com
      ICQ: 159333060



On Feb 21, 2006, at 9:28 AM, Dale Bengston wrote:

> Hi Michael,
>
> I hit on something similar. Whenever a user's profile is modified,  
> I use str_replace to add a modified, searchable version of their  
> email to another field via FX:
> 	$username = str_replace('@','|',$_POST['email'])
>
> So, when a user profile record is modified, the email field in FMP  
> contains a valid email: 'dbengston at domain.com', and the search-in  
> field has: 'dbengston|domain.com'.
>
> (I could use a calc field and Substitute to have a dynamic version  
> of this, but that will slow down searches if the number of users  
> gets big. So I decided to stuff the searchable email into a static,  
> indexable text field.)
>
> Then I use str_replace again to replace the '@' character in the  
> user-entered email
> 	str_replace('@','|',$_POST['user'])
>
> ...before I pass it to FMP in the FX login query.
>
> -Dale
>
> On Feb 18, 2006, at 1:49 PM, Michael Layne wrote:
>
>> Hi all,
>>
>> I've been using this for quite a while with solid results...
>>
>> PHP:
>> $user = str_replace("@","",$_POST['user']);
>> $userpass = $user . "." .  $_POST['pass']; // the 'period' can be  
>> whatever, or nothing, just concatenate the two values on both PHP  
>> and FM sides
>>
>>     $q = new FX($ip, $port);
>>     $q->SetDBData($fmdb,'users');
>>     $q->SetDBPassword($fmpw[0],$fmpw[1]);
>>     $q->AddDBParam('email_password','==' . $userpass);
>>     $r = $q->FMFind();
>>
>> FileMaker:
>> field = email_password(calc):
>> Substitute ( email ; "@" ; "" )& "." & password
>>
>> HTH,
>>
>> Michael
>>
>>
>> DC wrote:
>>> andy,
>>>
>>> be super careful passing superglobals directly into FMP.
>>> the code you posted below might be exploited by sending this:
>>>
>>> http://site.com/login.php?username=*
>>>
>>> try it and let us know what you find. the "eq" parameter might  
>>> give you some protection against this asterisk, but i think even  
>>> that could be thwarted by some clever request.
>>>
>>> best rule is... don't pass user input directly to anything until  
>>> it has been sanitized.
>>>
>>> dan
>>>
>>> On Feb 16, 2006, at 6:55 PM, Andy Gaunt wrote:
>>>
>>>> $query->AddDBParam( 'email',
>>>> str_replace('@','\@',$_REQUEST['username']),"eq" );
>>>
>>> _______________________________________________
>>> FX.php_List mailing list
>>> FX.php_List at mail.iviking.org
>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>
>>
>>
>>
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.iviking.org/pipermail/fx.php_list/attachments/20060221/c05086a9/attachment-0001.html


More information about the FX.php_List mailing list