On Tuesday, March 5, 2002, at 06:54  AM, Matthew Darcy wrote:

> $sql_authorisation = "SELECT * FROM account_details WHERE
> account_name='$login_username' AND
> account_password=PASSWORD('$login_password')";
> $sql_authorisation_result = mysql_query($sql_authorisation);
>
> I then register 2 session variables $login_username and $login_password
>
> I would like to register a session variable from the select * I did 
> earlier
> from the field user_level in the select statement
>
> so session register $user_auth_level='user_level'
>
> is this the correct way to do this ???

For a bit more security:

1) Construct your SQL statement so that it returns the specific columns 
you want, i.e. "SELECT account_name, account_password FROM 
account_details WHERE account_name='$login_username' AND 
account_password=PASSWORD('$login_password')";

2) If you are using PHP4.1 or later, you don't have to use 
session_register(), you can just create a session variable in the 
$_SESSION array, like

$_SESSION['login_name'] = $login_username;
$_SESSION['login_pw'] = $login_password;

3) If you want to register a session variable for the field 'user_level' 
in the select statement, you should probably add it to the list of 
things you are SELECTing from your query, and do the same thing with 
this as you did with the other two session variables.


Erik




----

Erik Price
Web Developer Temp
Media Lab, H.H. Brown
[EMAIL PROTECTED]
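
The three steps above, put together as an added example (not code from either poster). It assumes PHP 7.1+ with PDO; an in-memory SQLite table and a constructed account stand in for the MySQL database, password_hash()/password_verify() replace MySQL's PASSWORD(), and the password itself is not kept in the session. The function names authenticate() and login() are hypothetical.

```php
<?php
// Constructed demo data: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE account_details (
    account_name TEXT PRIMARY KEY, account_password TEXT, user_level INTEGER)');
$ins = $db->prepare('INSERT INTO account_details VALUES (?, ?, ?)');
$ins->execute(['mdarcy', password_hash('s3cret-demo', PASSWORD_DEFAULT), 2]);

// Returns ['account_name' => ..., 'user_level' => ...] on success, null on failure.
function authenticate(PDO $db, string $username, string $password): ?array
{
    // Name only the columns needed; bind the user-supplied value as a parameter
    // instead of interpolating it into the SQL string.
    $stmt = $db->prepare(
        'SELECT account_name, account_password, user_level
           FROM account_details WHERE account_name = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Check that a row came back before trusting any column from it.
    if ($row === false || !password_verify($password, $row['account_password'])) {
        return null;
    }
    unset($row['account_password']);          // the hash never leaves this function
    $row['user_level'] = (int) $row['user_level'];
    return $row;
}

function login(PDO $db, string $username, string $password): bool
{
    $account = authenticate($db, $username, $password);
    if ($account === null) {
        return false;
    }
    session_regenerate_id(true);              // fresh session id after authentication
    // Identity and level go into the session; the password does not.
    $_SESSION['login_name']      = $account['account_name'];
    $_SESSION['user_auth_level'] = $account['user_level'];
    return true;
}

session_start();
$ok  = login($db, 'mdarcy', 's3cret-demo');   // true, session now holds user_auth_level = 2
$bad = login($db, 'mdarcy', 'wrong-password'); // false, session left unchanged
var_dump($ok, $bad, $_SESSION);
```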

