Re: Is this the best way?

What error are you getting?  Maybe there's some way to fix that too.

Just remember that errors and notices are like pain.  It usually means 
there's something wrong.  If you're getting an error, there may be a better 
way of doing what you're doing.

Ideally, you should get zero results if there's no match in the user database.

Typically for a user lookup, you might do something like this:

SELECT <whatever> FROM usertable WHERE username = '<username>' AND password = 
'<password>'

If you get zero results, then they don't exist OR they entered the wrong 
password.

If you get more than one result, then you have a duplicate account.

If you have duplicate usernames, then you won't get multiple matches unless 
the passwords are also duplicated.

Say, for example, you have a duplicated username but different passwords:

user: me
pass: pass1

user: me
pass: pass2


Then login will succeed if they use me/pass1 OR me/pass2, but each way, 
you'll still only get one result from your db query.


btw.. before someone rails me for not mentioning security... typically you'd 
store the passwords encrypted or hashed (one-way md5 or something) then you 
encrypt or hash the password the same when the user is logging in and 
compare them to the DB.  That way, you don't store the password in 
plaintext and you can still check to see if the right password is entered.


example:

user: me
pass: pass1
md5(pass1): laksro2i3    (fake md5.. lazy :)

user logs in with:

user: me
pass: pass1

system runs md5(pass1) and gets laksro2i3 again.  It matches what's in the 
DB, so therefore is the correct password.


Anyway..  main point is.. if you're getting errors, try to fix them.   If 
you're getting multiple results on your user check, you may have bad 
input/uniqueness checking or you may be implementing your user system not 
as logically as you could.

-TG
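The lookup and hash check TG describes, as an added example that is not part of the original thread or of either poster's code. It is Python with an in-memory SQLite table standing in for the MySQL usertable, and it goes beyond the post in three places: the username column carries a UNIQUE constraint, so a duplicate is rejected on insert instead of being discovered by counting rows at login; the lookup is a parameterised query that matches on username only, with a salted PBKDF2 hash compared in code (a per-user salt, unlike the bare md5 in the post, cannot be matched inside the WHERE clause); and a second function rebuilds the string-interpolated query to show what a quote character in the submitted username does to it. The table and column names, the user me/pass1 and the o'brien input are constructed for the example; that the original code interpolates the username into the SQL text is an assumption drawn from the '<username>' placeholders in the post.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 100_000  # assumption: tune the work factor for your hardware


def make_db():
    """Constructed in-memory SQLite table standing in for the MySQL usertable."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE usertable ("
        "  id INTEGER PRIMARY KEY,"
        "  username TEXT NOT NULL UNIQUE,"  # uniqueness enforced by the schema
        "  salt BLOB NOT NULL,"
        "  pw_hash BLOB NOT NULL)"
    )
    return conn


def hash_password(password, salt):
    """Salted, iterated hash; stands in for the bare md5() from the post."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def create_user(conn, username, password):
    """Insert a user; returns False instead of creating a duplicate username."""
    salt = os.urandom(16)  # fresh salt per user, stored next to the hash
    try:
        with conn:
            conn.execute(
                "INSERT INTO usertable (username, salt, pw_hash) VALUES (?, ?, ?)",
                (username, salt, hash_password(password, salt)),
            )
    except sqlite3.IntegrityError:  # UNIQUE constraint violated
        return False
    return True


def check_login(conn, username, password):
    """Parameterised lookup by username only, then a constant-time hash compare.

    Zero rows means unknown user; a hash mismatch means wrong password. Both
    return False so the caller (and an attacker) cannot tell which it was.
    """
    rows = conn.execute(
        "SELECT salt, pw_hash FROM usertable WHERE username = ?", (username,)
    ).fetchall()
    if len(rows) != 1:  # 0 = no such user; >1 cannot happen under the UNIQUE constraint
        return False
    salt, stored = rows[0]
    return hmac.compare_digest(hash_password(password, salt), stored)


def legacy_lookup(conn, username):
    """The string-built query pattern from the post (assumption: the original
    code interpolates the submitted username). Returns the row count, or the
    database's error text when the input breaks the SQL."""
    sql = "SELECT id FROM usertable WHERE username = '%s'" % username
    try:
        return len(conn.execute(sql).fetchall())
    except sqlite3.OperationalError as exc:
        return "db error: %s" % exc


def demo():
    """Run every case from the thread against a constructed table."""
    conn = make_db()
    return {
        "create me": create_user(conn, "me", "pass1"),
        "create duplicate me": create_user(conn, "me", "pass2"),
        "me/pass1": check_login(conn, "me", "pass1"),
        "me/pass2": check_login(conn, "me", "pass2"),
        "unknown user": check_login(conn, "nobody", "pass1"),
        "quote in name, parameterised": check_login(conn, "o'brien", "pass1"),
        "quote in name, string-built": legacy_lookup(conn, "o'brien"),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print("%-32s %r" % (case, outcome))
```

Run it directly to print each case. The "db error" line is the same class of failure Jason reports below: a single quote in the input closes the string literal early and the server rejects the rest of the statement as a syntax error. With the bound parameter the same input simply matches no row, which is the "zero results" outcome TG says a login check should produce.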


----- Original Message -----
From: Jason Pruim <japruim@xxxxxxxxxx>
To: "TG" <tg-php@xxxxxxxxxxxxxxxxxxxxxx>
Cc: "PHP General List" <php-general@xxxxxxxxxxxxx>
Date: Fri, 14 Mar 2008 13:00:11 -0400

> On Mar 14, 2008, at 12:51 PM, TG wrote:
> 
> The usernames will be unique... Still need to make that change to the  
> DB but they will be.
> 
> The main reason I'm doing it this way, is if I don't put in some kind  
> of a check on the authentication then it pops up a mysql error saying  
> that there is a problem with my syntax...  instead of NOT logging them  
> in... So I thought if I checked to make sure that the query only  
> returned 1 row, it would match up and I could do some error checking  
> based on that...


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
