TalkPHP - View Single Post

YBH · 12-05-2007, 06:02 AM

Alright so I'm trying to make a authentication, I'm doing it little by little since I'm still new. I think I'm just confused :)

PHP Code:


			
//Short Variables
$user = $_POST['user'];
$pass = $_POST['pass'];
$dir = $_POST['dir'];

// Checking if anything was entered
if (!$user || !$pass || !$dir)

{

    echo 'You have not entered all the required fields.';

    exit;

}


if (get_magic_quotes_gpc())

{

    $user = addslashes($user);

    $pass = addslashes($pass);

    $dir = addslashes($dir);

}

// Connect to db
$db = new mysqli ('localhost', 'user', 'pass', 'dir');

// Cant connect to db
if (mysqli_connect_errno())

{

    echo 'Error: Could not connect to database.';

    exit;

}

// Adding customer to table
$query = "INSERT INTO clients

         ('".$user."', '".$pass."', '".$dir."')";

$result = $db->query($query);

// Customer added to table
if ($result)

echo $db->affected_rows.' Customer inserted into database.';

// Clean ups
$db->close();

After it was viewed by another programmer, he recommended using stripslashes.

When magic_quotes are gone, what would you guys recommend to do? I would think there is another way of doing it? The reason I do it this way is because I used to use Visual Basic, and it has a good feel to it and lets me understand it easier instead of having 1000000x different commands/initials/etc.

the $dir is a row that will store URLs for each customer, eventually when I get to it. Sock, the example you were going to provide storing URLs in MySQL would be a great help! :)

12-05-2007, 06:02 AM	#12 (permalink)
YBH The Wanderer Join Date: Dec 2007 Posts: 22 Thanks: 4	Alright so I'm trying to make a authentication, I'm doing it little by little since I'm still new. I think I'm just confused :) PHP Code: //Short Variables $user = $_POST['user']; $pass = $_POST['pass']; $dir = $_POST['dir']; // Checking if anything was entered if (!$user \|\| !$pass \|\| !$dir) { echo 'You have not entered all the required fields.'; exit; } if (get_magic_quotes_gpc()) { $user = addslashes($user); $pass = addslashes($pass); $dir = addslashes($dir); } // Connect to db $db = new mysqli ('localhost', 'user', 'pass', 'dir'); // Cant connect to db if (mysqli_connect_errno()) { echo 'Error: Could not connect to database.'; exit; } // Adding customer to table $query = "INSERT INTO clients ('".$user."', '".$pass."', '".$dir."')"; $result = $db->query($query); // Customer added to table if ($result) echo $db->affected_rows.' Customer inserted into database.'; // Clean ups $db->close(); After it was viewed by another programmer, he recommended using stripslashes. When magic_quotes are gone, what would you guys recommend to do? I would think there is another way of doing it? The reason I do it this way is because I used to use Visual Basic, and it has a good feel to it and lets me understand it easier instead of having 1000000x different commands/initials/etc. the $dir is a row that will store URLs for each customer, eventually when I get to it. Sock, the example you were going to provide storing URLs in MySQL would be a great help! :)