Re: counting records in db

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Your idea to use 'COUNT(Username)' is just about the ONLY part of that
script that you are doing correctly...

:-)

Start reading here:
http://phpsec.org/

And the header("Location: ...") requires a full URL.

And you should have better error-checking, probably.
[Though maybe you have a custom error handler not apparent]

And your DB password should probably be a hash/crypted value.

And it looks like maybe you are using register_globals "on" which is bad.

Once again, start reading:
http://phpsec.org/

On Thu, October 26, 2006 1:16 pm, afan@xxxxxxxx wrote:
> Would it be ok to use the same code to check if customer is loged in?
>
> $query = mysql_query("
>                SELECT COUNT(Username) as NoOfRecords
>                FROM customers
>                WHERE Username = '$Username' AND Password =
> '$Password'");
> if (mysql_result($query, 0) == 0)
> {
>    echo 'Please try again';
> }
> else
> {
>    header('location: index.php);
>    exit;
> }
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux