[FX.php List] Finding emails in Filemaker with PHP

Joel Shapiro jsfmp at earthlink.net
Wed Sep 10 09:21:30 MDT 2008


Hi Josh

If you're using this as part of a login scheme (or for anything where  
you want people to only find the exact email they search for), I'd  
recommend adding two additional components to William's suggestion:

$login->AddDBParam( 'email', '=="' . str_replace( '"', '', $_POST 
['email'] ) . '"' );

Notice that:
  a) there's an opening double-quote immediately after the == and the  
closing double-quote on the other side of the submitted string
  b) the str_replace() strips any double-quotes that might be  
submitted by the user, since otherwise the user could enter "*  
(double-quote asterisk), which would be equivalent to entering an  
asterisk in a Find within FileMaker

(thanks again to Troy for making me aware of this vulnerability)

HTH,
-Joel


On Sep 10, 2008, at 6:04 AM, william.downs wrote:

> Hi Josh,
>
> Surely using double == works ?
>
> as in $medFind->AddDBParam('Email',"==".$medEmail);
>
> I may be lost here though
>
> William
>
> On 10 Sep 2008, at 12:57, Josh Shrier wrote:
>
> How do you do a search in PHP for an email in Filemaker. When it  
> performs a regular search the “@” in the e-mail address forces a no  
> records found result during the find. The only way to find it is  
> the use “” around the address. I do not know how to solve this  
> during a PHP query. Please assist.
>
>
>
> -Josh Shrier
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list



More information about the FX.php_List mailing list