[thelist] best way to check for valid user/password in PHP
Jason Handby
jasonh at pavilion.co.uk
Thu Jan 9 13:37:01 CST 2003
> I'm having a bit of trouble with checking vs. a valid username and
> password in my PHP script. The password check seems to work but the
> username check does not. Here is my code:
Why not do
SELECT password, username FROM reguser WHERE username = '$username' AND
password = '$password'
and then just see if any records are returned? Then you can have one message
for failed logins that just says "either the username or password you
entered was incorrect".
I'd say it was good security practice not to distinguish between bad
username and bad password as far as user feedback is concerned. The less
information you give them about why they can't log in the better!
Jason
More information about the thelist
mailing list