|
|||||||||
|
|||||||||
|
|||||||||
| |
|||
 |
|
|
|
|
|||||||||
|
|||||||||
|
|||||||||
| |
|||
|
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Display Modes |
Dev Articles Community Forums Sponsor:
|
|
Stay one step ahead of the competition. Evaluate and give feedback
on some of the hottest web development tools on the market today.
Make your opinion heard! Click
Here
|
|
#1
January 15th, 2004, 08:17 AM
|
|||
|
|||
|
PHP, MySQL check
Okay, im new to working with databases using PHP. I want to make a simple user database, and have people sign in to look at a page;
so I want to do something like this on the page thats password protected Code:
<?
if ($_POST['username'] == $username && $_POST['password'] == $password)
{
include 'site.php'
}
else
{
include 'wrongpass.php'
}
?>
(wrote this code kind of quick) Okay, my question is, how can I set $username and $password to check the mysqldtabase fields and mach them up? Is this the right approach or should I be doing it another way all together? Any help is appreciated
|
|
#2
January 15th, 2004, 09:25 AM
|
||||
|
||||
|
If you want real security, you'll need to take another tack. For example, say I either spider your site or make a wild guess that you've got "secure" content on a page called site.php. If I load that page directly rather than going through the user/password page, I've bypassed your security. The moral is that you should always protect the content itself and not the wrapper around it. So the logic should be (in plain English): "If username and password are correct, print out the content; else include or print the error page."
As for building the user system, I believe there are several tutorials on the site that should be a good start. You might also go to php.net and search for "mysql_query" in the function list. I advise you to familiarize yourself with all the mysql functions before starting work, as this can save you much time and anguish later.
|
|
#3
January 15th, 2004, 02:31 PM
|
|||
|
|||
|
Okay thanks, i understand the problem with going around
|
|
#4
January 15th, 2004, 08:47 PM
|
|||
|
|||
|
Code:
$usercheck = mysql_query("SELECT username FROM users WHERE username=$loginid;");
should this return vaules of $loginid from the dtabase?
|
|
#5
January 16th, 2004, 08:16 AM
|
||||
|
||||
|
> should this return vaules of $loginid from the dtabase?
This will return the username if its equal to $loginid By the way, you don't need semi-colons in the mysql_query()... in fact, that may return an error...
|
|
| Viewing: Dev Articles Community Forums > Databases > MySQL Development > PHP, MySQL check |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
