Reputation: 1414
I have some PHP code in a separate file and it's being called using JavaScript. But the PHP code isn't working. Instead it's just putting the code in the div. Like the full code is in the div. How can I make this PHP code execute?
My javascript function looks like this:
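function checklogin() {
    var xmlhttp;
    if (window.XMLHttpRequest) {
        xmlhttp = new XMLHttpRequest();
    }
    xmlhttp.onreadystatechange = function () {
        // readyState 4 = request finished, status 200 = HTTP OK
        if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
            // the PHP script replies with the literal string FAILED
            if (xmlhttp.responseText == 'FAILED') {
                alert('failed');
            }
        }
    };
    var Usrname;
    // read the text currently entered in the username field
    Usrname = document.getElementById("edtLoginUsername").value;
    // URL-encode the value so special characters survive the query string
    xmlhttp.open("GET", "DatabaseFunctions.php?Username=" + encodeURIComponent(Usrname), true);
    xmlhttp.send();
}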
And my PHP code looks like this:
<?php
$myServer = "example.com";
$myUser = "dbuser";
$myPass = "dbpass";
$myDB = "efarm";
//connection to the database
$dbhandle = mssql_connect($myServer, $myUser, $myPass)
    or die("Couldn't connect to SQL Server on $myServer");
//select a database to work with
$selected = mssql_select_db($myDB, $dbhandle)
    or die("Couldn't open database $myDB");
//declare the SQL statement that will query the database
$query = "SELECT COUNT(*) FROM Users WHERE Username=myQuoteString('$_GET(USERNAME)')'";
//execute the SQL query and return records
$result = mssql_query($query);
echo 'FAILED';
//close the connection
mssql_close($dbhandle);
?>
I have already checked my httpd.conf file and checked that PHP is installed and configured.
Upvotes: 0
Views: 64
Reputation: 168755
Your problem is here:
"...myQuoteString('$_GET(USERNAME)')'";
This is incorrect syntax for PHP. There are about five separate mistakes in just this tiny bit of code.
$_GET is an array, not a function, so it needs square brackets, not round ones.
USERNAME value inside the $_GET brackets is a string so must also be enclosed in quotes.
myQuoteString() is a function call, which means it cannot be inside the query string.
$_GET, which is also incorrect.
Ouch.
I'll assume that myQuoteString() is a function you've written that escapes a variable for use in a SQL query and adds quotes?
In that case, your code needs to look like this:
$query = "SELECT COUNT(*) FROM Users WHERE Username=".myQuoteString($_GET['USERNAME']);
If myQuoteString() doesn't do all that, you need to make sure that either it does or you escape your input variable some other way, because you would be vulnerable to hacking attacks otherwise.
(If you're not sure, try posting your form with a name containing quote characters; if you're not escaping properly, that will cause the program to fail.)
Hope that helps.
Upvotes: 0
Reputation: 40639
Check your MS SQL connection and use $_GET['Username'] in place of $_GET(USERNAME):
$query = "SELECT COUNT(*) FROM Users
          WHERE Username='".$_GET['Username']."'";
Upvotes: 2
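The quote-character check suggested in the first answer, run against a concatenated query and against a prepared statement with a bound parameter, as an added example that is not part of either answer or the asker's code. Assumptions: PDO with an in-memory SQLite database stands in for the page's SQL Server connection so the script runs offline, and the function names `countConcatenated` and `countBound` and the sample rows are constructed for illustration.

```php
<?php
// Added example: SQLite in memory is a stand-in (assumption) for the page's
// SQL Server database; the table rows below are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Users (Username TEXT PRIMARY KEY)");
$db->exec("INSERT INTO Users (Username) VALUES ('alice'), ('O''Brien')");

// Concatenation, as in the posted queries: the input becomes part of the SQL text.
function countConcatenated(PDO $db, string $username): ?int
{
    $sql = "SELECT COUNT(*) FROM Users WHERE Username='" . $username . "'";
    try {
        return (int) $db->query($sql)->fetchColumn();
    } catch (PDOException $e) {
        return null; // the quote in the input changed the statement's syntax
    }
}

// Prepared statement: the SQL text is fixed and the input is bound as data only.
function countBound(PDO $db, string $username): int
{
    $stmt = $db->prepare("SELECT COUNT(*) FROM Users WHERE Username = :username");
    $stmt->execute([':username' => $username]);
    return (int) $stmt->fetchColumn();
}

// Stand-ins for $_GET['Username'], including a name with a quote character
foreach (['alice', "O'Brien", 'nobody'] as $name) {
    $concat = countConcatenated($db, $name);
    printf(
        "%-8s concatenated=%s bound=%d\n",
        $name,
        $concat === null ? 'SQL error' : (string) $concat,
        countBound($db, $name)
    );
}
```

The same `prepare()` and `execute()` calls apply unchanged when the PDO object is opened with a SQL Server driver instead of SQLite.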