Your idea to use 'COUNT(Username)' is just about the ONLY part of that
script that you are doing correctly... :-)

Start reading here:
http://phpsec.org/

And the header("Location: ...") requires a full URL.

And you should have better error-checking, probably. [Though maybe you
have a custom error handler not apparent]

And your DB password should probably be a hash/crypted value.

And it looks like maybe you are using register_globals "on" which is bad.

Once again, start reading:
http://phpsec.org/

On Thu, October 26, 2006 1:16 pm, afan@xxxxxxxx wrote:
> Would it be ok to use the same code to check if customer is logged in?
>
> $query = mysql_query("
>     SELECT COUNT(Username) as NoOfRecords
>     FROM customers
>     WHERE Username = '$Username' AND Password = '$Password'");
> if (mysql_result($query, 0) == 0)
> {
>     echo 'Please try again';
> }
> else
> {
>     header('location: index.php');
>     exit;
> }

--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
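The points raised in the reply above (input read explicitly rather than through register_globals, a hashed password, error checking, and a full URL in the Location header), put together as an added example that is not part of the original thread. It swaps the mysql_* calls for PDO with bound parameters and assumes PHP 5.5+ with the pdo_sqlite driver; the check_login() helper, the table layout, the sample account and https://www.example.com/ are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes PHP 5.5+ with pdo_sqlite.
// check_login(), the table layout and the sample account are hypothetical.

// Returns true only when the user exists and the password matches its hash.
function check_login(PDO $db, $username, $password)
{
    if (!is_string($username) || !is_string($password) || $username === '') {
        return false;
    }
    // Bound parameter: the value never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT Password FROM customers WHERE Username = ?');
    $stmt->execute(array($username));
    $hash = $stmt->fetchColumn(); // false when no row matched
    return $hash !== false && password_verify($password, $hash);
}

// Constructed sample data in an in-memory database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // errors throw
$db->exec('CREATE TABLE customers (Username TEXT PRIMARY KEY, Password TEXT)');
$ins = $db->prepare('INSERT INTO customers VALUES (?, ?)');
// Only the hash is stored, never the plain-text password.
$ins->execute(array('alice', password_hash('correct horse', PASSWORD_DEFAULT)));

if (PHP_SAPI === 'cli') {
    // Constructed demo input for a command-line run.
    $username = 'alice';
    $password = 'correct horse';
} else {
    // Read the request explicitly; do not rely on register_globals.
    $username = isset($_POST['Username']) ? $_POST['Username'] : '';
    $password = isset($_POST['Password']) ? $_POST['Password'] : '';
}

try {
    $ok = check_login($db, $username, $password);
} catch (PDOException $e) {
    error_log('login query failed: ' . $e->getMessage()); // log, do not display
    $ok = false;
}

if (!$ok) {
    echo 'Please try again';
} elseif (PHP_SAPI === 'cli') {
    echo "Login OK\n";
} else {
    header('Location: https://www.example.com/index.php'); // full URL
    exit;
}
```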