Thanks that did the trick.
Robert Roggenbuck wrote:
> At first assure that the correct values come from the database (see
> below). May be that's enough...
>
> Greetings
>
> Robert
>
>
> Adam Jimerson schrieb:
> [snip]
>> if (param) {
>> form_verify (@user);
>> print "Username: $user[0]\n<br />Password: $user[1]<br />\n"; #use
for
>> debugging my $sth = $dbh->prepare("SELECT * FROM Users WHERE
'UserName' =
>> '$user
>> [0]' AND 'Password' = '$user[1]'"); #check that username and
password
>> [exist and match
> Better to replace '*' with the field name You need, do not quote
field
> names, use placeholders and include only UserName in the WHERE-
clause:
>
> "SELECT Password FROM Users WHERE UserName = ?"
>
>> $sth->execute();
> Then the execute() must look like:
>
> $sth->execute($user[0]);
>
>> my @Login = $sth->fetchrow_array();
> Now better say:
> my ($pw) = $sth->fetchrow_array();
>
>> $sth->finish();
>> if (($Login[2] eq "$user[0]") && ($Login[3] eq "$user[1]")) {
> Just:
>
> if ($pw eq "$user[1]") {
>
>> print "<p>Hello $user[0]!</p>\n"; #debugging use only, will add on
>> later
>> } else {
>> print "<p>Login Failed!</p>\n";
>> print "Username: $user[0]\n<br />Password: $user[1]\n"; #use for
>> debugging
>> }
>> } else {
>> print start_form;
>> print_form();
>> print end_form, "\n";
>> }
>>
> [snip]
--
"We must plan for freedom, and not only for security, if for no other
reason than only freedom can make security more secure." Karl Popper