[FX.php List] Errors searching for email addresses
Bob Patin
bob at patin.com
Mon Jan 26 12:06:02 MST 2009
If I'm reading the code below properly, the internal preg_replace() is
processed first, so if $username = "b*b" it would be changed to "bb."
Someone will correct me if I'm wrong...
So someone can't guess a username by putting something like
p*
instead of
patin
for example...
Then, the 2 equal signs force an exact match.
I'm not sure of the hierarchy of processing in these query lines
below, but I'd think that the preg_replace() would be processed before
the whole line is processed, since all the lines of the $query are
processed at one time by the final line of the query block.
Is that right, someone?
BP
Bob Patin
Longterm Solutions LLC
bob at longtermsolutions.com
615-333-6858
http://www.longtermsolutions.com
Twitter: bobpatin
iChat/AIM: bobpatin
FileMaker 9 Certified Developer
Member of FileMaker Business Alliance & TechNet
--------------------------
FileMaker hosting and consulting for all versions of FileMaker
PHP • Full email services • Free DNS hosting • Colocation • Consulting
$query->AddDBParam('username',"==".preg_replace('/([@*#?!=<>"])/','\\\${1}',$username));
$query->AddDBParam('password',"==".preg_replace('/([@*#?!=<>"])/','\\\${1}',$password));
> Talk to me about spoofing login.
>
> If the "==" is used, how would wildcards succeed?
>
> Thanks
>
> J
>
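Added example, not part of the original message or of FX.php: the posted username line run against a stand-in object, to show the order in which PHP evaluates it and the criterion that actually reaches AddDBParam(). RecordingQuery and exactMatch() are hypothetical names and the usernames are constructed; each character in the bracketed set comes out prefixed with a backslash, and "==" is then prepended.

```php
<?php
// Added example, not from the original post. RecordingQuery is a hypothetical
// stand-in for the FX.php query object; it only stores what AddDBParam() receives.
final class RecordingQuery
{
    /** @var array<string,string> */
    public array $params = [];

    public function AddDBParam(string $field, string $criterion): void
    {
        $this->params[$field] = $criterion;
    }
}

// Pattern and replacement copied from the posted lines. As a single-quoted PHP
// string, '\\\${1}' is the text \\${1}; preg_replace() reads that as a literal
// backslash followed by capture group 1.
const FIND_OPERATORS = '/([@*#?!=<>"])/';
const BACKSLASH_PLUS_MATCH = '\\\${1}';

function exactMatch(string $input): string
{
    // The preg_replace() call is an argument expression, so PHP evaluates it
    // first, then the "==" concatenation, and only then calls AddDBParam().
    return '==' . preg_replace(FIND_OPERATORS, BACKSLASH_PLUS_MATCH, $input);
}

// Constructed sample inputs.
foreach (['patin', 'p*', 'b*b', 'bob@patin.com', 'a=b'] as $username) {
    $query = new RecordingQuery();
    $query->AddDBParam('username', exactMatch($username));
    printf("%-14s -> %s\n", $username, $query->params['username']);
}
```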