davidhopkins
06-22-2010, 10:08 AM
Hello All,
I have a php script that i use along with a flex front end. I have become a little stuck with my script thou.
The code is as follows
<?php
$hostname_conn = "localhost";
$username_conn = "";
$password_conn = "";
$conn = mysql_connect($hostname_conn, $username_conn, $password_conn);
mysql_select_db("videochat");
//mysql_real_escape_string POST'ed data for security purposes
$user = mysql_real_escape_string($_POST["user"]);
$pass = mysql_real_escape_string($_POST["pass"]);
//a little more security
$code_entities_match = array('--','"','!','@','#','$','%','^','&','*','(',')','_','+','{','}','|',':','"','<','>','?','[',']','\\',';',"'",',','.','/','*','+','~','`','=');
$user = str_replace($code_entities_match, "", $user);
$pass = str_replace($code_entities_match, "", $pass);
$query = "SELECT * FROM usernames WHERE username = '$user' AND password = '$pass'";
$result = mysql_query($query);
$logged = mysql_num_rows($result);
if ($logged == 1)
{
echo "<status>true</status>";
}
else
{
echo "<status>false</status>";
}
?>
My database has three fields, "username" "password" and "level"
Now at the moment my scirpt ignores the third field "level" and allows log in if their data is in the database "username" and "password". Now what i want to be able to do, is when the script returns the value <status>true</status> i would also like to return the value of the "level" field for that given user, could anyone help me out with this please?
I have a php script that i use along with a flex front end. I have become a little stuck with my script thou.
The code is as follows
<?php
$hostname_conn = "localhost";
$username_conn = "";
$password_conn = "";
$conn = mysql_connect($hostname_conn, $username_conn, $password_conn);
mysql_select_db("videochat");
//mysql_real_escape_string POST'ed data for security purposes
$user = mysql_real_escape_string($_POST["user"]);
$pass = mysql_real_escape_string($_POST["pass"]);
//a little more security
$code_entities_match = array('--','"','!','@','#','$','%','^','&','*','(',')','_','+','{','}','|',':','"','<','>','?','[',']','\\',';',"'",',','.','/','*','+','~','`','=');
$user = str_replace($code_entities_match, "", $user);
$pass = str_replace($code_entities_match, "", $pass);
$query = "SELECT * FROM usernames WHERE username = '$user' AND password = '$pass'";
$result = mysql_query($query);
$logged = mysql_num_rows($result);
if ($logged == 1)
{
echo "<status>true</status>";
}
else
{
echo "<status>false</status>";
}
?>
My database has three fields, "username" "password" and "level"
Now at the moment my scirpt ignores the third field "level" and allows log in if their data is in the database "username" and "password". Now what i want to be able to do, is when the script returns the value <status>true</status> i would also like to return the value of the "level" field for that given user, could anyone help me out with this please?