Re: php mysql comparing two rows in two columns for username and passwort

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 29 April 2010 15:00, Karl DeSaulniers <karl@xxxxxxxxxxxxxxx> wrote:
> Hi,
> Maybe try...
>
> $benutzername = $_GET['username'];
> $pass = $_GET['password'];
>
> $result = "SELECT * FROM usertable WHERE sqlbenutzername='$benutzername'";

Don't use values from $_GET without sanitizing first. If using mysql_*
functions, sanitize with mysql_real_escape_string() first.

> while($r = mysql_fetch_row($result)) {
>        $dbbenutzer = $r["sqlbenutzername"];
>        $dbpasswort = $r["sqlpasswort"];
> }
>       if($benutzername == $dbbenutzer && $pass == $dbpasswort){

This would work but only if you're storing passwords in the database
in clear text - which is a Bad Thing and should be avoided. Hash the
passwords before storing and compare with a hashed version, not the
cleartext.

Regards
Peter

-- 
<hype>
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
Flickr: http://www.flickr.com/photos/fake51
BeWelcome: Fake51
Couchsurfing: Fake51
</hype>

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux