02-07-2008, 04:48 PM
|
#9 (permalink)
|
|
The Contributor
Join Date: Jan 2008
Location: Birmingham, UK
Posts: 60
Thanks: 10
|
Quote:
Originally Posted by xperience
I'm pretty sure it's a bad idea to SELECT * when just verifying a username and a password. I would just SELECT the fields you need that way there is no way someone could gain access to a password.
PHP Code:
$query = mysql_query("SELECT rank FROM `cms` WHERE `username` = '".$_POST['username']."' AND `password` = '".$_POST['password']."'");
|
Or you could select all and unset password if you're that way inclined.
PHP Code:
<?php
// ...
unset($row['password']);
?>
Hopefully you wouldn't be storing plaintext password's in the first place though ;) |
|
|
|