2 Replies - 441 Views - Last Post: 07 July 2016 - 11:14 AM

#1 dennix101

Admin login error

Posted 07 July 2016 - 10:02 AM

Please, I need somebody to help me interpret this code, for I am a novice in PHP:

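// Look up the student by name and encoded password; the decoded password is returned as `std`.
$result=executeQuery("select *,DECODE(stdpassword,'oespass') as std from student where stdname='".htmlspecialchars($_REQUEST['name'],ENT_QUOTES)."' and stdpassword=ENCODE('".htmlspecialchars($_REQUEST['password'],ENT_QUOTES)."','oespass')");
if(mysql_num_rows($result)>0)
{
    $r=mysql_fetch_array($result);
    // Compare the HTML-decoded database value with the HTML-encoded request value.
    if(strcmp(htmlspecialchars_decode($r['std'],ENT_QUOTES),(htmlspecialchars($_REQUEST['password'],ENT_QUOTES)))==0)
    {
        // On a match, store the student in the session and redirect to the welcome page.
        $_SESSION['stdname']=htmlspecialchars_decode($r['stdname'],ENT_QUOTES);
        $_SESSION['stdid']=$r['stdid'];
        unset($GLOBALS['message']); // was $_GLOBALS, which is not a PHP superglobal
        header('Location: stdwelcome.php');
    }else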

This post has been edited by andrewsw: 07 July 2016 - 10:09 AM
Reason for edit: added missing [code][/code] tags



Replies To: Admin login error

#2 andrewsw

Re: Admin login error

Posted 07 July 2016 - 10:09 AM

What is your interpretation of the code?

What has this to do with "admin login error"?

#3 Atli

Re: Admin login error

Posted 07 July 2016 - 11:14 AM

You're messing around with HTML special characters far too much in that snippet.

Data inside the database should NOT be HTML encoded. You should only do that when you're printing data into an HTML page. If you're having to HTML decode data, you're usually doing something wrong.


This line, in particular, is a little weird:
if(strcmp(htmlspecialchars_decode($r['std'],ENT_QUOTES),(htmlspecialchars($_REQUEST['password'],ENT_QUOTES)))==0)


You decode the field from the database, encode the request data, and then compare them? Doesn't exactly add up.
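Added example (not part of the original thread, and not any poster's code): the comparison discussed above, isolated from the database so it can be run directly. It relies on one observation from the query itself: a row only matches when stdpassword equals ENCODE of the HTML-encoded input, so the DECODE column `std` equals the HTML-encoded input. The function names and sample passwords are constructed for illustration, and the example covers only where HTML encoding is applied, not how passwords are stored.

```php
<?php
// Added example; function names and sample values are constructed.

// Value of DECODE(stdpassword,'oespass') for a row the WHERE clause matched:
// the query only matches when stdpassword = ENCODE(htmlspecialchars(input)),
// so the decoded column is the HTML-encoded input.
function decoded_column_for_match(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES);
}

// The comparison from the thread: decoded DB value vs. encoded request value.
function thread_check(string $input): bool
{
    $std = decoded_column_for_match($input);
    return strcmp(
        htmlspecialchars_decode($std, ENT_QUOTES),
        htmlspecialchars($input, ENT_QUOTES)
    ) == 0;
}

// Raw-to-raw comparison: no HTML encoding on either side of the check.
function raw_check(string $stored, string $input): bool
{
    return $stored === $input;
}

// Constructed sample passwords: one plain, four containing HTML special characters.
$samples = ['hunter2', 'p&ssword', "o'brien", 'a<b>c', 'R&amp;D'];

foreach ($samples as $pw) {
    printf(
        "%-10s thread_check=%-5s raw_check=%s\n",
        $pw,
        var_export(thread_check($pw), true),
        var_export(raw_check($pw, $pw), true) // stored value kept unencoded
    );
}

// HTML encoding belongs at output time only, e.g. when echoing a name into a page.
$name = "O'Brien <admin>"; // constructed value
echo 'Welcome, ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . "\n";
```

Only the sample without `&`, `<`, `>` or quotes passes `thread_check`, because one side is decoded and the other encoded; every sample passes once both sides are left unencoded.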
