Programming Theory
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me
Go Back   Codewalkers ForumsOther TechnologiesProgramming Theory
Reload this Page

Handling Single-Column Single-Record Mysql Result

Discuss Handling Single-Column Single-Record Mysql Result in the Programming Theory forum on Codewalkers.
Handling Single-Column Single-Record Mysql Result Discuss here techniques and methods used to program effectively. Questions in this forum should be more like 'How do I build a better...' rather than 'This code doesn't work, how do I fix it?'

Record onscreen activity, your voice & webcam video. Turn everyday presentations into HD-quality videos.

For perfectly clear screencasts every time.
At the IBM® developerWorks Developer Knowledge Center you'll find resources for FREE ekits, Tutorials, Webcasts, Trial Downloads and more.


We cover the world of technology like no one else, constantly updating you with the best information available on open source software, Microsoft technologies, hardware and news from around the world.

Try Camtasia Studio today!
Visit the IBM® Developer Knowledge Center today!
Sign up today!

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
« Previous Thread | Next Thread »  
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Codewalkers Forums Sponsor:
  #1  
Old January 23rd, 2004, 03:56 AM
bluephoenix's Avatar
bluephoenix bluephoenix is offline
Levelheaded Curmudgeon
Codewalkers Novice (500 - 999 posts)
  
Join Date: Apr 2007
Location: Syracuse, NY
Posts: 508 bluephoenix User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 7 h 24 m 56 sec
Reputation Power: 3
Send a message via AIM to bluephoenix
Handling Single-Column Single-Record Mysql Result
I'm helping a friend stumble through writing some very basic authentication scripts using php and mysql.

Our relevent PHP code follows:
php Code:
Original - php Code 
  1. <?php
  2.   $name = $_POST['name'];
  3.   $password = $_POST['pass'];
  4.  
  5.   $server = mysql_connect("localhost", "PHPUSER", "PHP123");
  6.   mysql_select_db("DND");
  7.   $result = mysql_query("SELECT USER_PASSWD FROM DNDAUTH WHERE USER_ID='$name'")
  8.             or die("Invalid Query!" . msql_error());
  9.  
  10.   list($incomming_password) = mysql_fetch_row($result);
  11.   mysql_close($server);
  12.  
  13.   if ($password == $incomming_password)
  14.     echo "$name authenticated.";
  15.   else
  16.     header("Location: login.html");
  17. ?>


I really couldn't see the use of forming the query SELECT * FROM DNDAUTH because we're only interested in the one value, USER_PASSWD. But it seems a bit of a waste to extract the value out through an array and then through list().

Is there a better way to do this, or is this pretty much standard and it just seems weird to me because we're returning a single column single record?

Thanks.

Tim
Reply With Quote
  #2  
Old January 23rd, 2004, 04:09 AM
CodeKadiya CodeKadiya is offline
Contributing User
Codewalkers Regular (2000 - 2499 posts)
  
Join Date: Apr 2007
Location: Colombo,Sri Lanka
Posts: 2,330 CodeKadiya User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 8 h 50 m 36 sec
Reputation Power: 5
Send a message via Yahoo to CodeKadiya
RE: Handling Single-Column Single-Record Mysql Result
I'd code authentication scripts in this way. Just check it out, you'll see what I do.
php Code:
Original - php Code 
  1.  
  2. <?php
  3.   $name = $_POST['name'];
  4.   $password = $_POST['pass'];
  5.  
  6.   $server = mysql_connect("localhost", "PHPUSER", "PHP123") or die("Couldn't connect");
  7.   mysql_select_db("DND",$server) or die("Couldn't select DB");
  8.   $result = mysql_query("SELECT USER_ID,PASSWD FROM DNDAUTH WHERE USER_ID='$name' AND PASSWD='$password'")
  9.             or die("Invalid Query!" . mysql_error());
  10.  
  11.   mysql_close($server);
  12.  
  13.   if (mysql_num_rows($result)>0)
  14.     echo "$name authenticated.";
  15.   else
  16.     header("Location: login.html");
  17. ?>
Reply With Quote
  #3  
Old January 23rd, 2004, 04:12 AM
bluephoenix's Avatar
bluephoenix bluephoenix is offline
Levelheaded Curmudgeon
Codewalkers Novice (500 - 999 posts)
  
Join Date: Apr 2007
Location: Syracuse, NY
Posts: 508 bluephoenix User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 7 h 24 m 56 sec
Reputation Power: 3
Send a message via AIM to bluephoenix
RE: Handling Single-Column Single-Record Mysql Result
pretty sly

Thanks!
Reply With Quote
  #4  
Old January 7th, 2009, 12:34 AM
anderswc anderswc is offline
Registered User
Codewalkers Newbie (0 - 499 posts)
  
Join Date: Jan 2009
Posts: 1 anderswc User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 15 m 29 sec
Reputation Power: 0
OK, sorry for bumping a super old post (as in 5 years!) but I found this on Google, and others are likely to do so as well.

The first piece of code given would accept a login if an invalid username and an empty password were passed in.
The second piece of code could easily be tricked by using SQL injection to return ANY value. Escaping all input code would fix this problem.

Again, sorry for bumping such an old thread, but I don't want someones security to be compromised by reading this.
Reply With Quote
Reply

Viewing: Codewalkers ForumsOther TechnologiesProgramming Theory > Handling Single-Column Single-Record Mysql Result

« Previous Thread | Next Thread »

Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Linear Mode Linear Mode
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump




 Free IT White Papers!
 
How to Present Effectively Online
This white paper offers practical and actionable advice on the key steps that any presenter should consider as they plan and execute a Webinar or online meeting.
Request Your Free Technology Downloads!
 
Open Source Security Myths
Open Source Software (OSS) is computer software whose source code is available to the general public with relaxed or non-existent intellectual property restrictions (or arrangement such as the public domain), and is usually developed with the input of many contributors.
Request Your Free Technology Downloads!
 
Power and Cooling Capacity Management for Data Centers
This paper describes the principles for achieving power and cooling capacity management.
Request Your Free Technology Downloads!
 
Scalable, Fault-Tolerant NAS for Oracle - The Next Generation
For several years NAS has been evolving as a storage alternative for Oracle databases, and for good reason: NAS is quite often the simplest, most cost-effective storage approach for Oracle. Learn about the benefits that HP's approach to scalable NAS brings to Oracle environments in this comprehensive white paper.
Request Your Free Technology Downloads!
 
Understanding Web Application Security Challenges
This white paper discusses many common threats and preventive measures for Web application security, and explains what you can do to help protect your organization.
Request Your Free Technology Downloads!
 

Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 




© 2003-2009 by Developer Shed. All rights reserved. DS Cluster 5 Hosted by Hostway
For more Enterprise Application Development news, visit eWeek