Another 1 line of code (for login in)

Post by emelianenko »

Hello everybody,


I am doing the login page and yes, I know how to do it the standard way, but since I am going to use Ajax for that, I just need to know the 1 line of syntax that goes upon clicking the Submit button. I already have the Ajax code and also know how to write the PHP handling script; what I don't know is how exactly the syntax from button to Ajax function is in order to send it the 2 parameters, the username and the pwd.

More or less I thought about this

<input type = button onclick=" checkUser"'.stripslashes(['username']).'" .stripslashes(['password'])'.'" >

I put stripslashes, but I should also put mysql_real_escape_string, but I get lost in putting them in order amongst dots, single and double quotes

but they are pretty much necessary because a SQL injection could delete the users table ...

thank you very much

Emi

Post by kalpesh.mahida »

Hi,

Checking for SQL injection attacks is part of the server-side scripting language (PHP); why are you putting that particular code in the onClick event of a button?

Kalpesh Mahida

Post by flying_circus »

emelianenko wrote: but they are pretty much necessary because a SQL injection could delete the users table ...

Yes, as Kalpesh said, don't bother doing any validation on the client side. Anyone can go into their browser (if they are using one) and simply disable JavaScript. You should be using a server-side language like PHP to validate and escape your data, and ideally, be using prepared SQL statements.
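
The server-side approach recommended in the replies above, as an added example that is not part of the original thread: a PHP login check using a PDO prepared statement, so the username and password never need manual escaping in the button markup or anywhere else. The function name `check_user`, the `users` table layout, and the in-memory SQLite database are assumptions made for illustration; the sample inputs are constructed.

```php
<?php
// Added example (not from the thread): login check with a prepared statement.
// check_user(), the users table and its columns are hypothetical names.

function check_user(PDO $db, string $username, string $password): bool
{
    // The ? placeholder keeps user input out of the SQL text entirely,
    // so no stripslashes()/mysql_real_escape_string() chain is required.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();   // false when no such user exists

    // Compare against the stored hash, never against a plaintext password.
    return $hash !== false && password_verify($password, $hash);
}

// Constructed sample data: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO users VALUES (?, ?)');
$ins->execute(['emi', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Values as they would arrive in $_POST from the Ajax request (constructed).
$attempts = [
    ['emi', 'correct horse'],               // valid credentials
    ['emi', 'wrong'],                       // wrong password
    ["emi'; DROP TABLE users; --", 'x'],    // hostile input, treated as data
];

foreach ($attempts as [$user, $pass]) {
    printf("%-30s => %s\n", $user, check_user($db, $user, $pass) ? 'ok' : 'denied');
}

// The table survives the hostile input because it was bound, not concatenated.
echo 'rows in users: ', $db->query('SELECT COUNT(*) FROM users')->fetchColumn(), "\n";
```

In the real handler the two arguments would come from `$_POST`, and the button's click handler only needs to send the raw field values to this script.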