At first assure that the correct values come from the database (see below).
May be that's enough...
Greetings
Robert
Adam Jimerson schrieb:
[snip]
if (param) {
form_verify (@user);
print "Username: $user[0]\n<br />Password: $user[1]<br />\n"; #use for
debugging
my $sth = $dbh->prepare("SELECT * FROM Users WHERE 'UserName' = '$user
[0]' AND 'Password' = '$user[1]'"); #check that username and password exist and
match
Better to replace '*' with the field name You need, do not quote field names,
use placeholders and include only UserName in the WHERE-clause:
"SELECT Password FROM Users WHERE UserName = ?"
$sth->execute();
Then the execute() must look like:
$sth->execute($user[0]);
my @Login = $sth->fetchrow_array();
Now better say:
my ($pw) = $sth->fetchrow_array();
$sth->finish();
if (($Login[2] eq "$user[0]") && ($Login[3] eq "$user[1]")) {
Just:
if ($pw eq "$user[1]") {
print "<p>Hello $user[0]!</p>\n"; #debugging use only, will add
on
later
} else {
print "<p>Login Failed!</p>\n";
print "Username: $user[0]\n<br />Password: $user[1]\n"; #use
for
debugging
}
} else {
print start_form;
print_form();
print end_form, "\n";
}
[snip]
--
To unsubscribe, e-mail: beginners-cgi-unsubscr...@perl.org
For additional commands, e-mail: beginners-cgi-h...@perl.org
http://learn.perl.org/
