First of all, be careful, because your code is far, far from secure. Do a search for SQL injection.
Then take a look at mysql_real_escape_string(): http://www.php.net/mysql_real_escape_string
// Assuming $password is a POST info string and is already posted
$password = (string)$_POST['password'];
// Escape the value before it goes into the query (needs an open MySQL connection)
$password = mysql_real_escape_string($password);
$query = "SELECT * FROM `members` WHERE `password` = '".$password."' ";
// Are you sure you want to retrieve all info from that member using * ? I suggest asking only for what you need
$result1 = mysql_query($query) or die("Can't execute select query: " . mysql_error());
$row = mysql_fetch_array($result1);
$passwordcheck = $row['password'];
Try something like that.
By the way, are you storing passwords as unencrypted plain text? Beware, man.
Thanks for the help, will try it in a second. And that was a segment of code just to retrieve the data; it does all the injections and md5'ing elsewhere in the script.
Also, should I do the injections (stripslashes etc.) before or after that query?
Last edited by oscardog on Tue Nov 04, 2008 9:59 am, edited 1 time in total.
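The concatenated lookup discussed in this thread, shown beside a parameterized version, as an added example that is not code from either poster. It swaps mysql_real_escape_string() for PDO prepared statements and runs against an in-memory SQLite database; the `username` column, the rows and the inputs are assumptions constructed for illustration.

```php
<?php
// Added example, not code from the thread. Needs the pdo_sqlite extension.
// The `username` column and all rows and inputs below are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

$insert = $db->prepare('INSERT INTO members (username, password) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
$insert->execute(['bob',   password_hash('hunter2', PASSWORD_DEFAULT)]);

// Before: the value is concatenated into the SQL text, as in the thread,
// so any quote in the input becomes part of the statement itself.
function lookupConcatenated(PDO $db, string $username): array
{
    $sql = "SELECT username FROM members WHERE username = '" . $username . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: the SQL text is fixed and the value travels separately as a bound
// parameter, so quotes in the input cannot change the statement.
function lookupPrepared(PDO $db, string $username): array
{
    $stmt = $db->prepare('SELECT username FROM members WHERE username = :u');
    $stmt->execute([':u' => $username]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Login check: select only the stored hash for one user (not *), then
// verify the submitted password against it in PHP.
function checkLogin(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM members WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();   // false when no such user exists
    return is_string($hash) && password_verify($password, $hash);
}

$input = "nobody' OR '1'='1";       // constructed input containing quotes

var_dump(lookupConcatenated($db, $input));
var_dump(lookupPrepared($db, $input));
var_dump(checkLogin($db, 'alice', 'correct horse'));
var_dump(checkLogin($db, 'alice', $input));
```

Comparing the first two dumps shows how the same input is handled once as SQL text and once as a plain value.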