So I was supposed to go home a half hour ago but that didn't happen...
I hate deadlines! :P
Can someone tell me why this code works for setting the table name:
function authentication($user, $pass, $authenticated, $table){
// Keep in mind, PASSWORD has meaning in MySQL
// Do your string sanitizing here
// (e.g. - $user =
mysql_real_escape_string($_POST['user']);)
$salt = "salt";
$salt1 = $salt;
$salt1 .= $pass;
$password = md5("$salt1");
$loginQuery = "SELECT * FROM current WHERE loginName='".$user."'
AND loginPassword='".$password."' LIMIT 0,1;";
$loginResult = mysql_query($loginQuery) or die("Wrong data supplied
or database error" .mysql_error());
while($row1 = mysql_fetch_array($loginResult)) {
$_SESSION['user'] = $row1['loginName'];
$_SESSION['loggedin'] = "YES";
$authenticated = "true";
$_SESSION['table'] = $row1['tableName'];
}
return $table;
return $authenticated;
}
But this code doesn't:
function authentication($user, $pass, $authenticated, $table){
// Keep in mind, PASSWORD has meaning in MySQL
// Do your string sanitizing here
// (e.g. - $user =
mysql_real_escape_string($_POST['user']);)
$salt = "salt";
$salt1 = $salt;
$salt1 .= $pass;
$password = md5("$salt1");
$loginQuery = "SELECT * FROM current WHERE loginName='".$user."'
AND loginPassword='".$password."' LIMIT 0,1;";
$loginResult = mysql_query($loginQuery) or die("Wrong data supplied
or database error" .mysql_error());
while($row1 = mysql_fetch_array($loginResult)) {
$_SESSION['user'] = $row1['loginName'];
$_SESSION['loggedin'] = "YES";
$authenticated = "true";
$table = $row1['tableName'];
}
return $table;
return $authenticated;
} \
the query that I'm using is simply this: $query = "SELECT * FROM ".
$_SESSION['table']." order by ".$sortOrder."";
Or this: $query = "SELECT * FROM ".$table." order by ".$sortOrder."";
Depending on if you use the working or the non-working code :)
Any ideas?
--
Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
[EMAIL PROTECTED]
