Yes. You are correct. Did not include that part, sorry.
Don't forget mysql_real_escape_string.
:)
Karl
On Apr 29, 2010, at 9:37 AM, Peter Lind wrote:
On 29 April 2010 15:00, Karl DeSaulniers <karl@xxxxxxxxxxxxxxx> wrote:
Hi,
Maybe try...
$benutzername = $_GET['username'];
$pass = $_GET['password'];
$result = mysql_query("SELECT * FROM usertable WHERE sqlbenutzername='$benutzername'");
Don't use values from $_GET without sanitizing first. If using mysql_*
functions, sanitize with mysql_real_escape_string() first.
// mysql_fetch_assoc() returns each row keyed by column name
while($r = mysql_fetch_assoc($result)) {
$dbbenutzer = $r["sqlbenutzername"];
$dbpasswort = $r["sqlpasswort"];
}
if($benutzername == $dbbenutzer && $pass == $dbpasswort){
This would work but only if you're storing passwords in the database
in clear text - which is a Bad Thing and should be avoided. Hash the
passwords before storing and compare with a hashed version, not the
cleartext.
Regards
Peter
--
<hype>
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
Flickr: http://www.flickr.com/photos/fake51
BeWelcome: Fake51
Couchsurfing: Fake51
</hype>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Karl DeSaulniers
Design Drumm
http://designdrumm.com
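
Both of Peter's points applied to the same lookup, as an added example that is not part of the thread. It assumes PDO prepared statements in place of mysql_real_escape_string() (the mysql_* extension was removed in PHP 7.0) and password_hash()/password_verify() for the stored passwords; the function names, the in-memory SQLite database and the sample account are constructed for illustration, while the table and column names come from the quoted snippet.

```php
<?php
// Added example, not code from the thread. The SQLite database and the
// sample account are constructed so the script runs offline; with MySQL
// only the PDO DSN changes.

function create_user(PDO $db, string $username, string $password): void
{
    // Store a salted, slow hash, never the cleartext password.
    $stmt = $db->prepare(
        'INSERT INTO usertable (sqlbenutzername, sqlpasswort) VALUES (?, ?)'
    );
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

function check_login(PDO $db, string $username, string $password): bool
{
    // The placeholder keeps the value out of the SQL text entirely, so a
    // quote character in $username cannot change the query.
    $stmt = $db->prepare(
        'SELECT sqlpasswort FROM usertable WHERE sqlbenutzername = ?'
    );
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();

    if ($hash === false) {
        return false; // no such user
    }
    // password_verify() re-hashes the input with the salt stored in $hash
    // and compares the two in constant time.
    return password_verify($password, $hash);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE usertable (sqlbenutzername TEXT PRIMARY KEY, sqlpasswort TEXT)');
create_user($db, 'karl', 'correct horse'); // constructed sample account

// In a real page the two values would come from the request.
var_dump(check_login($db, 'karl', 'correct horse'));    // matching password
var_dump(check_login($db, 'karl', 'wrong'));            // non-matching password
var_dump(check_login($db, "x' OR '1'='1", 'anything')); // quote is treated as data
```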