On Thu, Feb 18, 2010 at 4:40 PM, Ron Piggott <ron.php@xxxxxxxxxxxxxxxxxx> wrote:
> I am wondering what others do for a login query. I think there could be
> two results: correct e-mail & password; correct e-mail & wrong password
>
> So far my login query is:
>
> SELECT * FROM `member` WHERE `email` = '$my_email' AND `pass` LIKE
> BINARY '$my_password' LIMIT 1
>
> This wouldn't tell me if the user has the wrong password. Is there a
> better way to do this?
>
> Ron
>

Bad bad bad! Never do a like on a password. If there are two passwords that
are close, the unauthorized user might get in when they shouldn't.

There are two usual approaches:

1. Select the user (providing that the user is distinct) and compare the
   password in PHP. On a match, allow access.

2. Select the user and password and see if the results return a row. If no
   row is returned, then access is not granted. If there is a row, then
   access is granted.

HTH

--
Bastien

Cat, the other other white meat