Do a string compare on the pid to ensure case sensitive match. We could

make the pid field "binary" in the DB as an alternative to this.

Do a string compare on the pid to ensure case sensitive match. We could
make the pid field "binary" in the DB as an alternative to this.
7d77a404 · Leigh B. Stoller · e59cc59c · 7d77a404
Commit 7d77a404 authored Feb 05, 2001 by Leigh B. Stoller
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 1 deletion

www/usradded.php3 www/usradded.php3 +8 -1

No files found.
--- a/www/usradded.php3
+++ b/www/usradded.php3
@@ -108,7 +108,7 @@ else {
 # project membership, but I don't like that.
 # 
 $query_result = mysql_db_query($TBDBNAME,
-	"SELECT * FROM projects WHERE pid=\"$pid\"");
+	"SELECT pid FROM projects WHERE pid=\"$pid\"");
 if (! $query_result) {
    $err = mysql_error();
    TBERROR("Database Error retrieving info for $pid: $err\n", 1);
@@ -116,6 +116,13 @@ if (! $query_result) {
 if (mysql_num_rows($query_result) == 0) {
    USERERROR("No such project $pid. Please go back and try again.", 1);
 }
+#
+# XXX String compare to ensure case match. 
+#
+$row = mysql_fetch_row($query_result);
+if (strcmp($row[0], $pid)) {
+    USERERROR("No such project $pid. Please go back and try again.", 1);
+}

 #
 # For a new user: