Forum Moderators: coopster
<?php
$conn=odbc_connect('league','','');
$me=$_REQUEST['username'];
$pass=$_REQUEST['password'];
if (!$conn)
{
exit(
"Connection Failed: " . $conn);
}
$sql="SELECT * FROM users WHERE username = '$me' AND password = '$pass'";
$rs=odbc_exec($conn,$sql);
if (!$rs)
{
exit("Error in SQL");
}
while (odbc_fetch_row($rs))
{
$username=odbc_result($rs,"username");
$password=odbc_result($rs,"password");
if ($username == $me && $password == $pass)
{
setcookie ("username", $username,time()+3600);
header ('location: index.php');
}
else
{
header ('location: error.php');
}
}
odbc_close($conn);
;?>
my question is this, what does that part do?! if i remove the while loop then it still works fine! Therefore why is it used?! thanks
I hope this helps.
Otherwise it is unsafe.
Eg.There was once a user jake with pass jake. But then there came another user jake with pass jacob.
Your code will allow both of the users to login, whether it shouldn't usually be possible.
While is a loop and is being done as long as value in brackets is true.
Hope it cleared the topic a little!
If you wanted to return more than one row, you would use a while loop. As Salsa mentioned, its not needed for returning one row. If you had say 10 rows, a while loop would execute until all rows are fetched. In this case, 10 times. ie: 10 loops.
dc
