TalkPHP - View Single Post

xperience · 01-29-2008, 11:00 PM

I'm pretty sure it's a bad idea to SELECT * when just verifying a username and a password. I would just SELECT the fields you need that way there is no way someone could gain access to a password.

PHP Code:


			
$query = mysql_query("SELECT rank FROM `cms` WHERE `username` = '".$_POST['username']."' AND `password` = '".$_POST['password']."'");

01-29-2008, 11:00 PM	#8 (permalink)
xperience The Wanderer Join Date: Dec 2007 Posts: 18 Thanks: 2	I'm pretty sure it's a bad idea to SELECT * when just verifying a username and a password. I would just SELECT the fields you need that way there is no way someone could gain access to a password. PHP Code: $query = mysql_query("SELECT rank FROM `cms` WHERE `username` = '".$_POST['username']."' AND `password` = '".$_POST['password']."'");