[FX.php List] Errors searching for email addresses
Gjermund Gusland Thorsen
ggt667 at gmail.com
Mon Jan 26 12:20:45 MST 2009
If you use Unicode indexing, wildcards are no longer an issue either...
ggt
2009/1/26 Bob Patin <bob at patin.com>:
> If I'm reading the code below properly, the internal preg_replace() is
> processed first, so if $username = "b*b" it would be changed to "bb."
> Someone will correct me if I'm wrong...
>
> So someone can't guess a username by putting something like
>
> p*
>
> instead of
>
> patin
>
> for example...
>
> Then, the 2 equal signs force an exact match.
>
> I'm not sure of the hierarchy of processing in these query lines below, but
> I'd think that the preg_replace() would be processed before the whole line
> is processed, since all the lines of the $query are processed at one time by
> the final line of the query block.
>
> Is that right, someone?
>
> BP
>
> Bob Patin
> Longterm Solutions LLC
> bob at longtermsolutions.com
> 615-333-6858
> http://www.longtermsolutions.com
> Twitter: bobpatin
> iChat/AIM: bobpatin
> FileMaker 9 Certified Developer
> Member of FileMaker Business Alliance & TechNet
> --------------------------
> FileMaker hosting and consulting for all versions of FileMaker
> PHP • Full email services • Free DNS hosting • Colocation • Consulting
>
>
> $query->AddDBParam('username',"==".preg_replace('/([@*#?!=<>"])/','\\\${1}',$username));
> $query->AddDBParam('password',"==".preg_replace('/([@*#?!=<>"])/','\\\${1}',$password));
>
>> Talk to me about spoofing login.
>>
>> If the "==" is used, how would wildcards succeed?
>>
>> Thanks
>>
>> J
>>
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
>
More information about the FX.php_List
mailing list