> Would it be ok to use the same code to check if customer is loged in?
>
> $query = mysql_query("
> SELECT COUNT(Username) as NoOfRecords
> FROM customers
> WHERE Username = '$Username' AND Password = '$Password'");
> if (mysql_result($query, 0) == 0)
> {
> echo 'Please try again';
> }
> else
> {
> header('location: index.php);
> exit;
> }
Assuming that the 'Username' field is unique, then the COUNT() is not
necessary in this case as the number of returned results would never be
greater than 1.
A more reasonable approach would be something like this:
<?
$query = "SELECT UserID, Password FROM customers WHERE Username =
'{$_POST['username']}'";
$result = mysql_query($query);
if(mysql_num_rows($result) == 1) {
if($_POST['password'] == mysql_result($result, 0, 'Password')) {
$_SESSION['logged_in'] = 'Yes';
$_SESSION['user_id'] = mysql_result($result, 0, 'UserID');
header('location: index.php);
}else{
echo "Invalid Password!";
}
}else{
echo "Invalid Username!";
}
?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
