hi guys am having problem in accessing my account from a web page below is the code
Code:
#!C:/Ruby095/bin/ruby
require 'cgi'
cgi = CGI.new
puts cgi.header
require "mysql"
begin
con = Mysql.new 'localhost', 'root', 'root33', 'db'
rs = con.query("SELECT * FROM account where username=%s %(username) and password = %s %(password)")
rs.each do |row|
if username == row[0] and password == row[1]:
puts 'login'
else
puts 'no'
end
end
rescue Mysql::Error => e
puts e.errno
puts e.error
ensure
con.close if con
end
okay, in the database, i have
username = mutago and password = mutanx22.
when i used sql query by referencing the username and password in this code below,
Code:
rs = con.query("SELECT * FROM account where username='mutago' and password ='mutax22'")
the applications runs perfectly and only the write user are authenticated
okay now i want to authenticate the users access from web page and i have to look for a parameter symbol
that will be used to repalce username and password variables so that the right user will be authenticate so i set this
Code:
rs = con.query("SELECT * FROM account where username=%s %(username) and password = %s %(password)")
This query authenticates both the wrong and right users. I think my problems lines in using wrong parameter symbols in the SQL where CLAUSE statement
Code:
where username=%s %(username) and password = %s %(password)")
[/code}
In php, it works this way
[code] ("SELECT * FROM account where username=$username and password = $password")
and php parameter symbol is
$
any help please