Hey.
Jeg kan ikke se hvad der skulle være galt
Den skriver der er en fejl i line 1, hvilket jeg ikke kan forstå da den er <?php
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''sazo'' at line 1
<?php
// Gør en variabel sikker
function quote_smart($value)
{
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
if (!is_numeric($value)) {
$value = "'" . mysql_real_escape_string($value) . "'";
}
return $value;
}
// Sikre username mod farlige tegn
$match=array("&","<",">");
$replace=array("& # 3 8 ;","& # 6 0 ;","& # 6 2 ;"); //UDEN MELLEMRUM!!
$username=str_replace($match,$replace,$_POST['username']);
// Hent salt og brugernivue
mysql_connect("mydb9.surftown.dk", "", ""); mysql_select_db("jguldag_sazo");
$salt=mysql_query("SELECT salt FROM userlogin WHERE username=".quote_smart($username)) or die(mysql_error());
$brugernv=mysql_query("SELECT brugernv FROM userlogin WHERE username=".quote_smart($username)) or die(mysql_error());
$status=mysql_query("SELECT status FROM userlogin WHERE username".quote_smart($username)) or die(mysql_error());
// Forberedelse af data
$pass=$_POST['password'];
$salt2=mysql_fetch_array($salt);
$cryppass=sha1(sha1($salt2['salt']).$pass);
$brugernv1=mysql_fetch_array($brugernv);
$status2=mysql_fetch_array($status);
// Sammenligning af password
$result=mysql_query("SELECT NULL FROM userlogin WHERE username=".quote_smart($username)." AND password=".quote_smart($cryppass)) or die(mysql_error());
if (mysql_num_rows($result)>0){
session_start();
// Giver Status Session
if(empty($status2['status'])){
$_SESSION['status']='normal';}
else{
$_SESSION['status']=$status2['status'];}
$_SESSION['username']=$username;
$_SESSION['password']=$cryppass;
$_SESSION['brugernv']=$brugernv1['brugernv'];
header('Location: /membersite/member.php');
exit;
}
else {
header('Location: /index.php?menu=member&error=forkert');}
?>
Indlæg senest redigeret d. 23.07.2008 10:09 af Bruger #13410