patchwolf wrote in php

Hi,

First-time poster. :) I've tried the PHP Manual, but I don't think I know enough to spot the right answer when I see it. Hopefully someone here can help.

I'm building a basic login form that authenticates off a MS SQL db. I'm having trouble with setting cookies from the db.

<?php
include ('./functions/sanitise.inc'); // include the functions to prevent an SQL injection attack.

if (isset($_POST['submit'])) { // If the Login button is clicked.

    $strMessage = NULL;
    $strUserError = NULL; 
    $strPassError = NULL;

    // Check for a username.
    // If not found, return an error message.
    if (empty($_POST['log_username'])) {
      $strUsername = FALSE;
      $strUserError .= 'Please enter your username.';
    } else {
      $strUsername = $_POST['log_username'];
    }
    
    // Check for a password.
    // If not found, return an error message.
    if (empty($_POST['log_password'])) {
      $strPassword = FALSE;
      $strPassError .= 'Please enter your password.';
    } else {
      $strPassword = $_POST['log_password'];
    }
    
    // If the user/pass combination is filled out, handle the form.
    if ($strUsername && $strPassword) {
      require_once ('../sql_connect.php'); // Connect to the db.
      // Check that the username exists.
      // Plain concatenation instead of sprintf(): with no arguments, a '%' in the input would break the format string.
      $sqlQuery = "SELECT TOP 10000 username, password FROM km_users WHERE username='" . sanitize($strUsername, SQL) . "' ORDER BY username";
      $varResult = odbc_exec($dbc, $sqlQuery);
      if (odbc_num_rows($varResult) == 0) { // If the count is 0, there were no rows with the selected username.
        $strUserError = 'Invalid Username.  Please check your username again.';
        odbc_close($dbc); // Close the db connection.
      } else { // If the username is in the database, check the password.
        $sqlQuery = "SELECT TOP 10000 username, password, firstname FROM km_users WHERE (username='" . sanitize($strUsername, SQL) . "' AND password='" . sanitize($strPassword, SQL) . "') ORDER BY username";
        $varResult = odbc_exec($dbc, $sqlQuery);
        if (odbc_num_rows($varResult) == 0) { // If the count is 0, no row matched the username and password.
            $strPassError = 'Your Username and Password do not match.  Please check your password.';
            odbc_close($dbc); // Close the db connection.
        } else {

//////////////////////
// Here's where I'm having the problem.  I want to see this data 
// (so I know what I'm pulling is correct).  The example I'm learning 
// from here uses MYSQL, so they use MYSQL_NUM.  What can I use here, 
// so that the echo statement below shows the username pulled from the 
// SELECT statement?
//
// MSSQL_NUM isn't supported on my installation of PHP (hence why I'm 
// using ODBC), and ODBC_NUM isn't a defined constant.
//////////////////////

          $row = odbc_fetch_array($varResult, MYSQL_NUM);
          echo $row[1];

          odbc_close($dbc); // Close the db connection.
          exit(); // exit the script
        }
      }
    }
} // end of main if conditional.

// Set the page title and include the header.
$strPageTitle = 'Login';
include ('./header.inc');

?>... (html follows: standard login form, username/password)



The example I'm learning from uses MYSQL, so they use MYSQL_NUM. What can I use, so that the echo statement shows the username pulled from the SELECT statement?

MSSQL_NUM isn't supported on my installation of PHP (hence why I'm using ODBC), and ODBC_NUM isn't a defined constant.
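
An added example, not part of the original post: the same login check written with ODBC placeholders instead of string concatenation, reading the row by column name with `odbc_fetch_array()`. Assumptions: `km_check_login` is a hypothetical helper, `$dbc` is the open connection from `sql_connect.php`, and the `password` column holds `password_hash()` output rather than the plain password.

```php
<?php
// Added example, not the poster's code. Assumes $dbc is an open ODBC
// connection and km_users.password stores password_hash() output.

/**
 * Hypothetical helper: returns the user's row (associative array) on
 * success, or null when the username or password is wrong.
 */
function km_check_login($dbc, string $username, string $password): ?array
{
    // Placeholders keep user input out of the SQL text entirely, so no
    // escaping helper is needed for these values.
    $stmt = odbc_prepare(
        $dbc,
        'SELECT username, password, firstname FROM km_users WHERE username = ?'
    );
    if ($stmt === false || !odbc_execute($stmt, [$username])) {
        throw new RuntimeException('Login query failed');
    }

    // odbc_fetch_array() takes no MYSQL_NUM-style flag; its optional second
    // argument is a row number. It returns the row keyed by column name,
    // or false when there is no row. This also avoids odbc_num_rows(),
    // which many drivers answer with -1 for SELECT statements.
    $row = odbc_fetch_array($stmt);
    odbc_free_result($stmt);

    // One check and one outcome for "no such user" and "wrong password",
    // so the error message does not reveal which usernames exist.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']); // do not pass the hash around
    return $row;
}

// Usage inside the form handler:
// $user = km_check_login($dbc, $_POST['log_username'], $_POST['log_password']);
// if ($user === null) {
//     $strPassError = 'Invalid username or password.';
// } else {
//     echo htmlspecialchars($user['username']);
// }
```

For a numerically indexed row, `odbc_fetch_into($stmt, $row)` fills `$row` starting at index 0, so the username from this SELECT would be `$row[0]`.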