Posted by J.O. Aho on 07/10/07 05:34

cover wrote:

> So as I look at this again, perhaps the user logs in their first name
> and in the table password_tbl a password exists that corresponds with
> their first name. So is that:
>
> $query="SELECT * FROM $table WHERE
> firstname_column='{$_POST['firstname']}'" AND;
> password_column='{$_POST['password']}'";
> $res=mysql_query($query);
> if(!mysql_num_rows($res)) {
> echo "sorry, the wrong password";
> exit;
> }
> echo "Wow, you know the password";

Yes, in the case you want that the user will be using both a login name and
password, if you only want a password, you have to see that the password is
unique, otherwise the users can be mixed up (while using login+pass the
likelihood is a lot less that you have two persons with the same login and
password, of course you should see to have only one user for each
username/login you use).

--

//Aho

[Back to original message]