AnsweredAssumed Answered

Some values behave like wildcards in PHP API search

Question asked by RobertSinton on Jul 6, 2010
Latest reply on Jul 20, 2010 by TSGal

Summary

Some values behave like wildcards in PHP API search

Product

FileMaker Pro

Version

11

Operating system version

OS X 10.6

Description of the issue

Some values, when searched for, seem to match against any record.

This was observed when a user entered a high unicode character into a utf-8 web page. After sanitising with PHP's htmlentities() function, the resuling string did not restrict the found set when used in a two-field search: the result was the same as if the search had been done on only the first field.

Steps to reproduce the problem

<?php

# Sanitise input values
$Login    = htmlentities( $_REQUEST['Login'] );
$Password = htmlentities( $_REQUEST['Password'] );

# Search for matching user record.
$fm = fmfactory();
$findReq =& $fm->newFindCommand( 'Users' );
$findReq->addFindCriterion( 'Login', '=="' . $Login . '"' );
$findReq->addFindCriterion( 'Password', '=="' . $Password . '"' );
$result = $findReq->execute();

?>

Expected result

The script above should find only records with the given Login and Password values.

Actual result

If the input value for Password is "Ø" (Scandinavian O with a slash through it, other characters also triggered the problem), this search finds the user record for the given Login, regardless of what the record's Password value is.

Outcomes