Yahoo Clever wird am 4. Mai 2021 (Eastern Time, Zeitzone US-Ostküste) eingestellt. Ab dem 20. April 2021 (Eastern Time) ist die Website von Yahoo Clever nur noch im reinen Lesemodus verfügbar. Andere Yahoo Produkte oder Dienste oder Ihr Yahoo Account sind von diesen Änderungen nicht betroffen. Auf dieser Hilfeseite finden Sie weitere Informationen zur Einstellung von Yahoo Clever und dazu, wie Sie Ihre Daten herunterladen.
PHP error, oracle database and SQL code?
Trying to do a PHP login page with oracle database. Top is the code fragment, the bottom was the error given. I already have the database connection code. What is the right syntax for the below?
13 $s = oci_parse($c, "select * from employee where
eid='"$_POST['eid']"' and pwrd ='"$_POST['pwrd']"'");
14
15 oci_execute($s);
error:
Parse error: syntax error, unexpected T_VARIABLE in
/afs/csc.depauw.edu/home/dsolis/public_html/do_authuser.php on line 13
2 Antworten
- vor 1 JahrzehntBeste Antwort
This is tangential, but I thought you might want a pointer. Your code may currently be vulnerable to a SQL injection attack - a malicious user could send unexpected POST data that would brreak up your query.
I definitely suggest doing some data validation here, if nothing else.
Also ensure that your data is properly escaped by doing an addslashes(); [For those using mySQL, use mysql_escape_string()]
- splLv 4vor 1 Jahrzehnt
First off, you should be doing some error checking on the post variables but do some concatenating.
should read:
$s = oci_parse($c, "select * from employee where
eid=".$_POST['eid']." and pwrd =".$_POST['pwrd'].");
