Please do not top post. On Monday 06 September 2004 06:53, Dre wrote:
As well as what everybody else has said ... > $username = trim(addslashes($_POST['user_name'])); > $pass = trim(addslashes($_POST['password'])); addslashes() is not needed as you're performing SELECT query and not an INSERT query. > $sql = "SELECT * FROM members_webdata WHERE user_name='".$username."' > AND password='".$pass."'"; $sql = "SELECT * FROM members_webdata WHERE user_name='$username' AND password='$pass'"; Much easier on the eyes. -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * ------------------------------------------ Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general ------------------------------------------ /* Of course you have a purpose -- to find a purpose. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php