YourPHPPro
08-15-03, 05:37 PM
Quote:
$username = $_POST['username'];
$password = $_POST['password'];

include ("dbconnect.php");// supplies credentials to connect to Database

$sql = "SELECT * FROM logins ";
$sql .= "WHERE user='".$username."';";

Also, you would need to do some checking on the 'username'. It is not a good idea to query user-supplied information from a DB without checking it.

One way to do it would be something like this:

Quote:
$SQL = "SELECT Users_ID, Users_Access FROM users WHERE Users_Name=" . Custom_StripText($login) . " AND Users_Password=" . Custom_StripText($password);
$db->query($SQL);
$Result = $db->next_record();
if($Result) {
    SetSession("UserID", $Result("Users_ID"));
    SetSession("UserLogin", $login);
    SetSession("UserPassword", $password);
    SetSession("AccessLevel", $Result("Users_Access"));
}

Last edited by YourPHPPro; 08-15-03 at 05:57 PM.
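An added example, not part of the original post and not YourPHPPro's code: the same login lookup with a bound parameter in place of string concatenation, so a quote character in the username stays data instead of becoming SQL. The in-memory SQLite database, the pass_hash and access columns, and the check_login() function are assumptions made for illustration; only the logins table and user column come from the quoted snippet.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database so the example runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE logins (
    id INTEGER PRIMARY KEY, user TEXT UNIQUE, pass_hash TEXT, access INTEGER)');

// Constructed sample account; the name deliberately contains a quote character.
$seed = $db->prepare('INSERT INTO logins (user, pass_hash, access) VALUES (?, ?, ?)');
$seed->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT), 1]);

/**
 * Hypothetical helper: returns ['id' => ..., 'access' => ...] on success, null otherwise.
 */
function check_login(PDO $db, string $username, string $password): ?array
{
    // Cheap shape check on the user-supplied value before it reaches the database.
    if ($username === '' || strlen($username) > 64) {
        return null;
    }

    // The value is bound, never spliced into the SQL text.
    $stmt = $db->prepare('SELECT id, pass_hash, access FROM logins WHERE user = :user');
    $stmt->execute([':user' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare against a stored hash rather than putting the password in the query.
    if ($row === false || !password_verify($password, $row['pass_hash'])) {
        return null;
    }
    return ['id' => (int) $row['id'], 'access' => (int) $row['access']];
}

$name = "o'brien";

// What the concatenated form from the first quote would send: unbalanced quotes.
echo "SELECT * FROM logins WHERE user='" . $name . "';", PHP_EOL;

// The bound form handles the same name, and rejects a wrong password.
var_dump(check_login($db, $name, 'correct horse'));
var_dump(check_login($db, $name, 'wrong password'));
```

On success the caller would store only the returned id and access level in the session.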