Trying to do a PHP login page with an Oracle database. Top is the code fragment, the bottom was the error given. I already have the database connection code. What is the right syntax for the below?
13 $s = oci_parse($c, "select * from employee where
eid='"$_POST['eid']"' and pwrd ='"$_POST['pwrd']"'");
14
15 oci_execute($s);
error:
Parse error: syntax error, unexpected T_VARIABLE in
/afs/csc.depauw.edu/home/dsolis/public... on line 13
PHP error, oracle database and SQL code?
This is tangential, but I thought you might want a pointer. Your code may currently be vulnerable to a SQL injection attack - a malicious user could send unexpected POST data that would break up your query.
I definitely suggest doing some data validation here, if nothing else.
Also ensure that your data is properly escaped by doing an addslashes(); [For those using mySQL, use mysql_escape_string()]
Reply: First off, you should be doing some error checking on the post variables but do some concatenating.
should read:
$s = oci_parse($c, "select * from employee where
eid='".$_POST['eid']."' and pwrd ='".$_POST['pwrd']."'");
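Both replies point at the real problem: the query text is built from raw POST data, so a quoting mistake is a parse error today and a SQL injection tomorrow, and addslashes() is not a reliable escape for Oracle. The following is an added example, not code from either poster, showing how the same lookup is written with OCI8 bind variables (oci_bind_by_name) so the user's input is never part of the statement text, together with a hashed password check. It assumes $c is an open OCI8 connection and that the employee table has an eid column and an assumed pwrd_hash column holding a password_hash() digest instead of the plaintext pwrd column used above.

```php
<?php
// Added example, not from the original post or its replies.
// Assumes: $c is an open OCI8 connection; table employee has columns
// eid and pwrd_hash (pwrd_hash is an assumed column that stores a
// password_hash() digest rather than the plaintext pwrd above).

function find_employee_by_eid($c, string $eid): ?array
{
    // Only a placeholder appears in the SQL text; user input never does.
    $sql = 'SELECT eid, pwrd_hash FROM employee WHERE eid = :eid';
    $s = oci_parse($c, $sql);
    if ($s === false) {
        $e = oci_error($c);
        throw new RuntimeException('oci_parse failed: ' . $e['message']);
    }
    // The value is sent to Oracle separately from the statement, so
    // quotes or SQL keywords inside it are just data.
    oci_bind_by_name($s, ':eid', $eid);
    if (!oci_execute($s)) {
        $e = oci_error($s);
        throw new RuntimeException('oci_execute failed: ' . $e['message']);
    }
    // OCI8 returns column names in upper case unless they were quoted.
    $row = oci_fetch_assoc($s);
    oci_free_statement($s);
    return $row === false ? null : $row;
}

function login($c, array $post): bool
{
    // Validate the POST fields before touching the database, as the
    // first reply suggests.
    $eid  = isset($post['eid'])  ? trim((string) $post['eid']) : '';
    $pwrd = isset($post['pwrd']) ? (string) $post['pwrd'] : '';
    if ($eid === '' || $pwrd === '' || strlen($eid) > 64) {
        return false;
    }
    $row = find_employee_by_eid($c, $eid);
    if ($row === null) {
        return false;
    }
    // Compare against the stored hash instead of selecting on the
    // password column, so the password is never part of any query.
    return password_verify($pwrd, $row['PWRD_HASH']);
}

// Usage in the login page, after the existing connection code:
// if (login($c, $_POST)) { /* start session */ } else { /* show error */ }
```

With bind variables the parse error from the question cannot recur, because the SQL string is a fixed literal; the only values that change between requests are bound at execute time. The same oci_bind_by_name call is also the right way to pass the new hash when creating or updating an account.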