Re: DBI & MySQL Login Test


go ahead... be a heretic
	PerlMonks

Re: DBI & MySQL Login Test

by astroboy (Chaplain)

on Aug 25, 2009 at 04:03 UTC ( #790973=note: print w/ replies, xml )

Need Help??

in reply to DBI & MySQL Login Test

If you're checking logins against a user table, you could count the number of rows that match your u/p combination

my $sql = q{
   select count(*) 
   from app_users 
   where username = ? and 
         password = ?
};

if (($dbh->selectcol_arrayref($sql, undef, $username, $password)->[0] 
+== 1) {
   # We've logged in
} else {
   # login error
}
[download]

Of course, you probably shouldn't store your passwords in plain text. Assuming you've got some sort of one way encryption going on (using Perl's crypt, or a MD5 or SHA module), you could simply replace the test with

if (($dbh->selectcol_arrayref($sql, undef, $username, my_crypt_call($p
+assword))->[0] == 1) 
[download]

By the way, don't interpolate variables in your SQL, or you'll make your login susceptible to a SQL injection attack. Always use placeholders

Update: corrected syntax

Comment on Re: DBI & MySQL Login Test Select or Download Code

In Section Seekers of Perl Wisdom

Node Status^?

node history
Node Type: note [id://790973]
help

Chatterbox^?

How do I use this? | Other CB clients

Other Users^?

Others wandering the Monastery: (9)

As of 2013-05-20 11:43 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Voting Booth^?

The best material for plates (tableware) is:

Results (411 votes), past polls