On 15/08/06, Ross <ross@xxxxxxxxxxxxx> wrote:
Hello,
I have a couple of questions
first how do I check two tables is it?
$sql = "SELECT * FROM mytable, mytable2 WHERE username = '$username' AND
userpass = '$userpass'";
Secondly my table just sends and returns straight values from the db but I
expect some kind of encription is required. What is a simple, secure
method.
md5() or another method. Do I store an encypted file on the server and
just
decrypt it at the php page.
my auth script at present
<?php
session_start();
$auth = false; // Assume user is not authenticated
$username= $_REQUEST['username'];
$userpass= $_REQUEST['userpass'];
if (isset($username) && isset($userpass)) {
$sql = "SELECT * FROM mytable WHERE
username = '$username' AND
userpass = '$userpass'";
// Execute the query and put results in $result
$result = mysql_query( $sql )
or die ( 'Unable to execute query.' );
// Get number of rows in $result.
$num_rows = mysql_num_rows($result);
if($num_rows == 0) {
}
else {
$_SESSION['username']= $username;
$_SESSION['userpass']= $userpass;
header("Location: disclaimer.php");
$auth = true;
}
}
Question 1 - you are doing a join so there has to be a linking index
between the two table ie select * from table1, table2 where table1.id =
table2.userid (for example). Question 2 - md5 is sufficient, depends on
what your are storing (ie credit card numbers may require a stronger
encyption method. To check:
$pass = md5(password);
select * from table 1 where password = '$pass';
I think the php and mysql md5 functions differ but I may be wrong!
--
http://www.web-buddha.co.uk
http://www.projectkarma.co.uk
