PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
hello again... yet another problem with my mysql syntax... this code appears to work as in there are no errors however when it echos the variable $check_user it echos "resource id #2" im not sure why it is echoing this.
The code is vulnerable to SQL Injection on both fields, and doesn't in fact check for password validity. mysql_real_escape_string() and AND `password`='$sPassword' will help.
aceconcepts is right when you need to return something. "resource id #2" indicates that a result set has been found... In otherwords your SQL is correct. Here are some useful links... mysql_fetch_assoc (my preference) mysql_fetch_array almost the same as the first but not quite
The examples cover the complete send query->fetch results methodology
Mordred is also right that you have no security here. Read this link mysql_real_escape_string. It gives an example of what is known as an SQL injection attack. You should never trust any information coming from users, either in $_GET or $_POST. Bear in mind $_GET is easily modified. An example is an id.. Edit ID 10 which could for example have a link http://www.mypage.com/edit.php?id=10. Someone can easily change the 10 to another item and potentially change something which they should have no access to. $_POST values are more secure but not infallible. It is relatively easy to change form values sent if you know what you are doing but normally requires an active effort unlike the $_GET value.