Posted by Mary Pegg on 05/18/06 15:48

Andy Jeffries wrote:

> On Wed, 17 May 2006 19:15:58 -0700, Jessica Parker wrote:
>> If he does it after he connects, it will work. It's not the best idea,
>> but it will work.
>> He should probably change one to $pass so that he can connect again
>> later, right?
>
> I think Mary's point (correct me if I'm wrong here Mary) is that he seems

I was just checking that this isn't real code and that they're not using
the same variable name in two places... or doing this:

> to have a table set up with valid user (ID, username, password) but also
> has to set up a MySQL user account for each one to connect with.
>
> Perfectly valid, but a royal pain in the ass and probably not as
> intended...

Nope, but OTOH if you use the supplied username / password to make
the database connection, no further authentication is required and
they are pretty much guaranteed not to be able to get any further...

[Back to original message]