Hi - I am pretty new to PHP. I am working on a call to a SQL stored procedure from a PHP file. From reading some online forums, it looks like I might need a bind statement before I make my call. I tried to write one below; can someone take a look and let me know whether I need this bind statement and, if so, what I did wrong in writing it?
// Fragment of an external-database login check. $extusername / $extpassword are
// matched against the table named in $this->config, and the path taken depends
// on $this->config->passtype. The enclosing function header is not part of this
// paste, so where $username, $password, $extusername, $extpassword and $CFG come
// from cannot be seen here.
$authdb = $this->db_init();
if ($this->config->passtype === 'internal') {
// Look up the username externally, but resolve the
// password locally -- to support backends that
// don't track passwords.
// NOTE(review): the statement is assembled by string concatenation, so the only
// protection for $extusername is ext_addslashes() (not shown here). If the
// database layer behind Execute() accepts bound parameters, passing the value
// that way is safer than quoting by hand -- confirm against the driver in use.
$rs = $authdb->Execute("SELECT * FROM {$this->config->table}
WHERE {$this->config->fielduser} = '".$this->ext_addslashes($extusername)."' ");
// A falsy result from Execute() is reported as a connection error and the
// login is refused.
if (!$rs) {
$authdb->Close();
print_error('auth_dbcantconnect','auth');
return false;
}
// Not at EOF means at least one row matched the username.
if ( !$rs->EOF ) {
$rs->Close();
$authdb->Close();
// user exists externally
// check username/password internally
if ($user = get_record('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id)) {
return validate_internal_user_password($user, $password);
}
// NOTE(review): when no local record is found, this branch ends without an
// explicit return and execution continues past the outer if/else.
} else {
$rs->Close();
$authdb->Close();
// user does not exist externally
return false;
}
} else {
// normal case: use external db for passwords
// NOTE(review): md5() and sha1() here are single, unsalted digests computed only
// so the value can be compared with the stored column. They are fast hashes and
// a weak way to store passwords; presumably they are kept to match what the
// external schema already holds -- confirm before relying on them.
if ($this->config->passtype === 'md5') { // Re-format password accordingly
$extpassword = md5($extpassword);
} else if ($this->config->passtype === 'sha1') {
$extpassword = sha1($extpassword);
}
// 'pc' branch: the code the question is about. The [B] ... [/B] markers are
// forum bold tags left in the paste, not PHP.
elseif($this->config->passtype === 'pc')
{
// NOTE(review): bind() is called as a free function that this fragment does not
// define, and both calls bind the same $extpassword variable. The SQLVARCHAR
// constant resembles the one used with the old mssql_bind() API -- TODO confirm
// which driver $authdb actually wraps.
[B] bind($authdb, "@unencrypted",$extpassword, SQLVARCHAR);
bind($authdb, "@return_encrypted",$extpassword, SQLVARCHAR);
// NOTE(review): the call string never refers to @unencrypted or
// @return_encrypted; it interpolates the raw $extpassword twice, unquoted and
// unescaped. The login password therefore becomes part of the SQL text, which is
// an injection risk and may leave the plaintext in server-side query logs. The
// value should reach the procedure as a bound parameter instead.
// NOTE(review): the return value of query() is assigned to $extpassword and later
// passed to ext_addslashes(); presumably it is a result object rather than the
// encrypted string, so the output value would need to be read from it -- verify.
$extpassword = $authdb->query("call sp_encrypt_text($extpassword, $extpassword)");
} [/B]
// The username and the (possibly transformed) password are compared in a single
// query. For any passtype not handled above, $extpassword is compared exactly as
// it was received. Both values are quoted by hand through ext_addslashes(), the
// same string-built pattern as the lookup in the 'internal' branch.
$rs = $authdb->Execute("SELECT * FROM {$this->config->table}
WHERE {$this->config->fielduser} = '".$this->ext_addslashes($extusername)."'
AND {$this->config->fieldpass} = '".$this->ext_addslashes($extpassword)."' ");
// A falsy result from Execute() is reported as a connection error and the
// login is refused.
if (!$rs) {
$authdb->Close();
print_error('auth_dbcantconnect','auth');
return false;
}
// A matching row means the credentials are accepted; no row means rejection.
if (!$rs->EOF) {
$rs->Close();
$authdb->Close();
return true;
} else {
$rs->Close();
$authdb->Close();
return false;
}
}
}