mysql problem

Anon

I'm trying to use an authencation method with php/mysql.

The user fills in 3 fields in the form:

$username
$password
$id

I want the mysql database to search for a matching username. Then check if the id and password match. Print out another 3 variables.

$db_username
$db_password
$db_id

then use an if statement to check if all of them match. If so, then the person is allowed in. This is the method I want to use.

The database is called Secure_Db and the table is called Secure_Tb

here is what I have but it doesn't work...

$auth = "SELECT db_username FROM Secure_Tb WHERE db_password = '$pw' AND db_id = '$id'";

if ($username == "$db_username" && $password == "$db_password" && $id == "$db_id") {
header("Location: http://www.securezone.com");
} else {
header("Location: http://www.notsecure.com");
}

Anon

You could try doing it the following way

[Not actual code]
select * from <tbl_name> where $username='db_user' && userpass='db_pass' && $id='$db_id'

than check how many rows are returned..if 1 row is retured that means all the fields have been matched and therefore the user is allowed to login

jariizumi

As much as possible, don't send sensitive information in raw text. Remember that mysqld.log contains an exact list of all your queries 😉

The suggested way of doing this is to search for the unique column. For example, if the username is unique (hopefully, right?), then the WHERE clause would only contain "username = '$username'". Then the row should be fetched, make sure your variables are properly assigned (since you're skipping that step in your message), and do your
if ($username == $db_username && $password == $db_password && $id == $db_id)
after that. That should work. I would print those three variables to make sure that they are clearly assigned, etc. Hope this helps.

Anon

password , You will use function
passwd($db_password). i forget name of function password. It will success in future... good luck

Anon

can you write me the code, i'm a little bit confused with mysql.