At first assure that the correct values come from the database (see below).
May be that's enough...
Greetings
Robert
Adam Jimerson schrieb:
[snip]
> if (param) {
> form_verify (@user);
> print "Username: $user[0]\n<br />Password: $user[1]<br />\n"; #use for debugging
> my $sth = $dbh->prepare("SELECT * FROM Users WHERE 'UserName' = '$user
> [0]' AND 'Password' = '$user[1]'"); #check that username and password exist and match
Better to replace '*' with the field name You need, do not quote field names,
use placeholders and include only UserName in the WHERE-clause:
"SELECT Password FROM Users WHERE UserName = ?"
> $sth->execute();
Then the execute() must look like:
$sth->execute($user[0]);
> my @Login = $sth->fetchrow_array();
Now better say:
my ($pw) = $sth->fetchrow_array();
> $sth->finish();
> if (($Login[2] eq "$user[0]") && ($Login[3] eq "$user[1]")) {
Just:
if ($pw eq "$user[1]") {
> print "<p>Hello $user[0]!</p>\n"; #debugging use only, will add on
> later
> } else {
> print "<p>Login Failed!</p>\n";
> print "Username: $user[0]\n<br />Password: $user[1]\n"; #use for
> debugging
> }
> } else {
> print start_form;
> print_form();
> print end_form, "\n";
> }
>
[snip]
|