|
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| ||||||||||||||||||||||||||
![]() |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
|
#1
|
|||||
|
|||||
|
Handling Single-Column Single-Record Mysql Result
I'm helping a friend stumble through writing some very basic authentication scripts using php and mysql.
Our relevent PHP code follows: php Code:
I really couldn't see the use of forming the query SELECT * FROM DNDAUTH because we're only interested in the one value, USER_PASSWD. But it seems a bit of a waste to extract the value out through an array and then through list(). Is there a better way to do this, or is this pretty much standard and it just seems weird to me because we're returning a single column single record? Thanks. Tim |
|
#2
|
|||||
|
|||||
|
RE: Handling Single-Column Single-Record Mysql Result
I'd code authentication scripts in this way. Just check it out, you'll see what I do.
php Code:
|
|
#3
|
||||
|
||||
|
RE: Handling Single-Column Single-Record Mysql Result
pretty sly
Thanks! |
|
#4
|
|||
|
|||
|
OK, sorry for bumping a super old post (as in 5 years!) but I found this on Google, and others are likely to do so as well.
The first piece of code given would accept a login if an invalid username and an empty password were passed in. The second piece of code could easily be tricked by using SQL injection to return ANY value. Escaping all input code would fix this problem. Again, sorry for bumping such an old thread, but I don't want someones security to be compromised by reading this. |
![]() |
| Viewing: Codewalkers Forums > Other Technologies > Programming Theory > Handling Single-Column Single-Record Mysql Result |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
|
|
|