
Another 1 line of code (for login in)

Posted: Wed Oct 13, 2010 2:52 am
by emelianenko
Hello everybody,


I am doing the login page and yes, I know how to do it the standard way, but since I am going to use Ajax for that, I just need to know the 1 line of syntax that goes upon clicking the Submit button. I already have the Ajax code and also know how to write the PHP handling script; what I don't know is how exactly the syntax from button to Ajax function is in order to send it the 2 parameters, the username and the pwd.

More or less I thought about this


<input type = button onclick=" checkUser"'.stripslashes(['username']).'" .stripslashes(['password'])'.'" >

I put stripslashes, but I should also put mysql_real_escape_string, but I get lost in putting them in order amongst dots, single and double quotes

but they are pretty much necessary because a sql injection could delete the users table ...

thank you very much

Emi

Re: Another 1 line of code (for login in)

Posted: Wed Oct 13, 2010 4:03 am
by kalpesh.mahida
Hi,

Checking for SQL injection attacks is part of the server-side scripting language (PHP). Why are you putting that particular code in the onClick event of a button?

Kalpesh Mahida

Re: Another 1 line of code (for login in)

Posted: Wed Oct 13, 2010 11:01 am
by flying_circus
emelianenko wrote: but they are pretty much necessary because a sql injection could delete the users table ...

Yes, as Kalpesh said, don't bother doing any validation on the client side. Anyone can go into their browser (if they are using one) and simply disable JavaScript. You should be using a server-side language like PHP to validate and escape your data, and ideally, be using prepared SQL statements.
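
Added example (not part of the thread, and not any poster's code): a server-side login check of the kind the replies recommend, using a PDO prepared statement so the username is bound as data rather than spliced into the SQL text. The function name `check_login`, the `users` table layout, the sample account and the in-memory SQLite database (standing in for MySQL, requires the `pdo_sqlite` extension) are all assumptions made for the demonstration.

```php
<?php
// Added example: server-side handler logic for the Ajax login POST (hypothetical names).

// Look the user up with a bound parameter; input is never concatenated into the query.
function check_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();            // false when no such user exists
    // Compare against a password_hash() value instead of storing plaintext.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed test database: in-memory SQLite stands in for the real one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$ins->execute(['emi', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed inputs, shaped as they would arrive in $_POST from the Ajax call.
$attempts = [
    ['emi', 'correct horse'],                 // valid credentials
    ['emi', 'wrong'],                         // bad password
    ["x'; DROP TABLE users; --", 'anything'], // injection-shaped username
    ["emi' OR '1'='1", 'anything'],           // injection-shaped username
];
foreach ($attempts as [$u, $p]) {
    printf("%-28s => %s\n", $u, check_login($db, $u, $p) ? 'ok' : 'denied');
}

// Bound parameters are treated as plain strings, so the table is still there.
$count = (int) $db->query('SELECT COUNT(*) FROM users')->fetchColumn();
echo "users rows after all attempts: $count\n";
```

With this in place the button's `onclick` only has to pass the raw field values to the Ajax function; no escaping belongs in the HTML or JavaScript.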