  1. #1

    Unanswered: Strictly identical...

    Hi there,

    I have a query written as follows:
    "SELECT userQuestion FROM $table WHERE userMail LIKE '$email'"

    It is supposed to return a result ONLY IF userMail and $email are STRICTLY IDENTICAL.

    Alas, I noticed that if $email contains only a few characters of userMail, I get a result. And this is not what I want, because in this case the secure login is not guaranteed! I may get a result only if a full similarity of both elements exists.

    I unsuccessfully tried replacing LIKE with the Equal Sign (=).

    Could anyone help me?

    Many thanks in advance!

  2. #2
    As you said STRICTLY IDENTICAL, it means that you want the result where userMail = $email. If you do this, what is the result that you are getting? Please tell me a little more about this. Maybe you have not said what you are trying to do.
    The LIKE is basically used for search. This means that it will be case insensitive.
    Another thing is that whatever the SQL statement is, if you execute it and it returns no error, then the result will be true always.
    A little more explanation will help you.

    Regards
    Rajesh

  3. #3
    Thank you, dear Rajesh, for replying, and I apologize for the delay, but I wasn't at home for several days.

    First, here is my full script:
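    Code:
    <?php
    include 'key.php';   // expected to define $host, $user, $pass and $db
    $table = "users";
    mysql_connect( $host, $user, $pass ) or die( "cannot connect " . mysql_error() );
    mysql_select_db( $db ) or die( "cannot select db " . mysql_error() );
    // Read the posted address; treat a missing field as an empty string
    $email = isset( $_POST[ "email" ] ) ? trim( $_POST[ "email" ] ) : "";
    // Escape the value before it is placed inside the quoted SQL string
    $email = mysql_real_escape_string( $email );
    $result = mysql_query( "SELECT userQuestion FROM $table WHERE userMail = '$email'" )
        or die( "query failed " . mysql_error() );
    if ( mysql_num_rows( $result ) > 0 ) {
        print "&error=This is a valid address";
    } else {
        print "&error=This address doesn't exist";
    }
    // Output the stored question for each matching row
    while ( $row = mysql_fetch_array( $result ) ) {
        print "&question=" . $row["userQuestion"];
    }
    ?>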
    The variable is sent as usual from my Flash file.

    The purpose of this script (which is working, as it returns results) is to be the first stage of a secure three-step process of identification of the user before he/she is allowed to modify his/her personal record. Needless to say, a PRECISE identification is VERY important.

    The problem I am experiencing is the following:
    Say the real email address of the registered user is <john@domain.com>. If somebody enters <john@anotherdomain.com> the script returns a TRUE result like, say, "This is a valid address" which is obviously wrong!!!!!
    This happens only if in the table there's another email address which contains "john". If there's not another email address which contains "john", it returns a FALSE result like, say, "This address doesn't exist".

    How could this be possible?

    If you need more information, just ask for it!
    Many thanks and my warmest regards,

    Gerard
    Last edited by Germaris; 09-05-04 at 06:25.

  4. #4
    Hi,
    Let me ask something about this. Does your $email contain the domain name along with it, or is it taken from any other variable? For example, you may have a text box for the username and another for the domain name. When you concatenate the two, maybe the latter part, the domain name, does not come through.
    Your SQL statement is correct and is only supposed to get the result if the whole string matches the value in the specified field.
    Try printing your SQL statement and see what the output is. Maybe something is missing, like the variables that are passed.
    $sql="SELECT userQuestion FROM $table WHERE userMail = '$email'";
    $result = mysql_query($sql);
    echo "SQl: $sql";
    Check the output, then inform me accordingly and we will proceed. Also try printing the value of mysql_num_rows($result).

    Regards
    Rajesh
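
The difference between LIKE and = that this thread turns on, as an added example that is not part of the original posts: it runs both comparisons against the same rows with the address bound as a parameter. It assumes PHP with the PDO SQLite driver; the in-memory SQLite table stands in for the poster's MySQL `users` table, and the rows, inputs and the `lookup` helper are constructed for illustration.

```php
<?php
// Added example: constructed data, SQLite in memory stands in for the thread's MySQL table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (userMail TEXT PRIMARY KEY, userQuestion TEXT)');
$insert = $pdo->prepare('INSERT INTO users (userMail, userQuestion) VALUES (?, ?)');
foreach ([
    ['john@domain.com', 'Name of your first pet?'],
    ['johnny@other.example', 'City of birth?'],
] as $row) {
    $insert->execute($row);
}

// Hypothetical helper: return the userQuestion values whose userMail matches
// $email under $operator. $operator is chosen by this script from a fixed
// list (never by the user); $email is always passed as a bound parameter.
function lookup(PDO $pdo, string $operator, string $email): array
{
    if (!in_array($operator, ['=', 'LIKE'], true)) {
        throw new InvalidArgumentException('unsupported operator');
    }
    $stmt = $pdo->prepare("SELECT userQuestion FROM users WHERE userMail $operator ?");
    $stmt->execute([trim($email)]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a full address, a bare fragment, fragments carrying the
// LIKE wildcards % and _, and an address that is not in the table.
$inputs = ['john@domain.com', 'john', 'john%', 'john@domain.co_', 'john@anotherdomain.com'];
foreach ($inputs as $input) {
    printf("%-24s LIKE: %d row(s)   =: %d row(s)\n",
        $input,
        count(lookup($pdo, 'LIKE', $input)),
        count(lookup($pdo, '=', $input)));
}
```

With LIKE, an input containing `%` or `_` matches stored addresses it is not equal to; with `=`, only the complete stored address returns a row.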
