Do you mean this is the right code :
The code overall looks right, but you set $Serial twice... first you do:
$Serial = $_GET['Serial'];
Then you do:
$Serial = htmlspecialchars($row[0]);
Then you set $UserSerial to $row[1] (the same as the Password column).
So, when you compare $Serial to $UserSerial, you are really comparing it like this:
if (htmlspecialchars($row[0]) == $row[1])
If that's what you're trying to do, then you're good. But, if you're trying to compare $UserSerial with the serial variable in $_GET, then you need to only do the following:
$Serial = $_GET['Serial']; $UserSerial = $row[0]; if ($Serial == $UserSerial)
Then, that should at least compare the serial field from the database with the serial variable in $_GET.
-Ben
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
