[FX.php List] Errors searching for email addresses
Steve Winter
steve at bluecrocodile.co.nz
Mon Jan 26 10:32:03 MST 2009
Hi Bob,
Which is fine so long as you're not actually using an email address as
a username, since the stripping of the @, which your code below does,
will result in it not working ;-)
Cheers
Steve
On 26 Jan 2009, at 17:29, Bob Patin wrote:
> This is an often-discussed topic; the other thing to consider is
> that users can use wildcards to spoof your login system.
>
> Here's what I use in my web apps to validate username and password:
>
> $query->AddDBParam('username',"==".preg_replace('/([@*#?!=<>"])/','\\
> \${1}',$username));
> $query->AddDBParam('password',"==".preg_replace('/([@*#?!=<>"])/','\\
> \${1}',$password));
>
> I forget who originally posted this, but it's very useful...
>
> Hope this helps,
>
> Bob Patin
> Longterm Solutions LLC
> bob at longtermsolutions.com
> 615-333-6858
> http://www.longtermsolutions.com
> Twitter: bobpatin
> iChat/AIM: bobpatin
> FileMaker 9 Certified Developer
> Member of FileMaker Business Alliance & TechNet
> --------------------------
> FileMaker hosting and consulting for all versions of FileMaker
> PHP • Full email services • Free DNS hosting • Colocation • Consulting
>
>
> On Jan 26, 2009, at 11:13 AM, luke at soundtoys.com wrote:
>
>> I am using fx.php to check login credentials against our FM db and
>> the username is the customers email address. I keep getting a 401
>> error (no matching records) because of the @ being a special symbol
>> in FM. How do I pass the data as an argument for AddDBParam() such
>> that it recognizes the '@' as the actual character not the special
>> symbol.
>>
>> Thanks in advance,
>>
>> --
>>
>> /***************************
>> * Luke Awtry
>> * Audio Plugin Developer
>> * SoundToys, Inc.
>> * 802.951.9700 x207
>> * luke at soundtoys.com
>> ***************************/
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
Steve Winter
steve at bluecrocodile.co.nz
m: +44 77 7852 4776
3 Calshot Court, Channel Way
Ocean Village, Southampton SO14 3GR
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.iviking.org/pipermail/fx.php_list/attachments/20090126/f8916f27/attachment.html
More information about the FX.php_List
mailing list