Re: php mysql comparing two rows in two columns for username and passwort

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Yes. You are correct. Did not include that part, sry.
Dont forget mysql_real_escape_string.
:)

Karl


On Apr 29, 2010, at 9:37 AM, Peter Lind wrote:

On 29 April 2010 15:00, Karl DeSaulniers <karl@xxxxxxxxxxxxxxx> wrote:
Hi,
Maybe try...

$benutzername = $_GET['username'];
$pass = $_GET['password'];

$result = "SELECT * FROM usertable WHERE sqlbenutzername='$benutzername'";

Don't use values from $_GET without sanitizing first. If using mysql_*
functions, sanitize with mysql_real_escape_string() first.

while($r = mysql_fetch_row($result)) {
       $dbbenutzer = $r["sqlbenutzername"];
       $dbpasswort = $r["sqlpasswort"];
}
      if($benutzername == $dbbenutzer && $pass == $dbpasswort){

This would work but only if you're storing passwords in the database
in clear text - which is a Bad Thing and should be avoided. Hash the
passwords before storing and compare with a hashed version, not the
cleartext.

Regards
Peter

--
<hype>
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
Flickr: http://www.flickr.com/photos/fake51
BeWelcome: Fake51
Couchsurfing: Fake51
</hype>

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Karl DeSaulniers
Design Drumm
http://designdrumm.com


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux