|
|
Posted by cover on 07/10/07 05:10
On Mon, 09 Jul 2007 21:39:08 -0700, cover
<coverlandNOSPAM914@yahoo.com> wrote:
>On Tue, 10 Jul 2007 06:07:24 +0200, "J.O. Aho" <user@example.net>
>wrote:
>
>
>>$query="SELECT * FROM table WHERE password_column='{$_POST['password']}'";
>>$res=mysql_query($query);
>>if(!mysql_num_rows($res)) {
>> echo "sorry, the wrong password";
>> exit;
>>}
>>
>> echo "Wow, you know the password";
>
So as I look at this again, perhaps the user logs in their first name
and in the table password_tbl a password exists that corresponds with
their first name. So is that:
$query="SELECT * FROM $table WHERE
firstname_column='{$_POST['firstname']}'" AND;
password_column='{$_POST['password']}'";
$res=mysql_query($query);
if(!mysql_num_rows($res)) {
echo "sorry, the wrong password";
exit;
}
echo "Wow, you know the password";
[Back to original message]
|