On 29 April 2010 15:00, Karl DeSaulniers <karl@xxxxxxxxxxxxxxx> wrote:
> Hi,
> Maybe try...
>
> $benutzername = $_GET['username'];
> $pass = $_GET['password'];
>
> $result = "SELECT * FROM usertable WHERE sqlbenutzername='$benutzername'";

Don't use values from $_GET without sanitizing first. If using mysql_* functions, sanitize with mysql_real_escape_string() first.

> while($r = mysql_fetch_row($result)) {
> $dbbenutzer = $r["sqlbenutzername"];
> $dbpasswort = $r["sqlpasswort"];
> }
> if($benutzername == $dbbenutzer && $pass == $dbpasswort){

This would work but only if you're storing passwords in the database in clear text - which is a Bad Thing and should be avoided. Hash the passwords before storing and compare with a hashed version, not the cleartext.

Regards
Peter

--
<hype>
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
Flickr: http://www.flickr.com/photos/fake51
BeWelcome: Fake51
Couchsurfing: Fake51
</hype>

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
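The two points made in the reply above, shown together as an added example that is not part of the original message: the username is bound as a query parameter and only a password hash is stored and compared. It assumes PDO with an in-memory SQLite database, prepared statements in place of mysql_real_escape_string(), and PHP's password_hash()/password_verify(); the `register()` and `login()` helpers and the sample account are hypothetical, while the table and column names are taken from the quoted code.

```php
<?php
// Added example, not code from the thread. Table and column names come from
// the quoted query; the SQLite database and sample account are constructed.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE usertable (
    sqlbenutzername TEXT PRIMARY KEY,
    sqlpasswort     TEXT NOT NULL
)');

// Hash of a throwaway value, verified against when the user does not exist
// so that both login paths perform one hash computation.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

// Registration: store only the salted hash, never the cleartext password.
function register(PDO $db, string $benutzername, string $pass): void
{
    $stmt = $db->prepare(
        'INSERT INTO usertable (sqlbenutzername, sqlpasswort) VALUES (?, ?)'
    );
    $stmt->execute([$benutzername, password_hash($pass, PASSWORD_DEFAULT)]);
}

// Login: the username is sent as a bound parameter, so quote characters in
// it are treated as data and cannot alter the SQL statement.
function login(PDO $db, string $benutzername, string $pass): bool
{
    $stmt = $db->prepare(
        'SELECT sqlpasswort FROM usertable WHERE sqlbenutzername = ?'
    );
    $stmt->execute([$benutzername]);
    $hash = $stmt->fetchColumn();   // false when no row matches

    if ($hash === false) {
        password_verify($pass, DUMMY_HASH);
        return false;
    }
    // Compares the submitted password with the stored hash, not cleartext.
    return password_verify($pass, $hash);
}

// Constructed sample data: a username containing a quote character.
register($db, "o'brien", 'correct horse battery');
var_dump(login($db, "o'brien", 'correct horse battery'));
var_dump(login($db, "o'brien", 'wrong password'));
var_dump(login($db, 'nobody', 'anything'));
```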