Click here to Skip to main content
15,867,453 members
Please Sign up or sign in to vote.
1.00/5 (2 votes)
here's what i have to check if a username or password exsists:

$result = $db->query("SELECT username FROM users");
$un2 = $result;
if ($un != $un2) {
$result =$db->query("SELECT password FROM users");
$pswd3 = $result;
if($pswd != $pswd3){

is there something wrong, and is there another way or a way to fix it?

Please don't be mad, I'm only 14, my highest knowledge is 8th grade middle school i start high school next year, this is my first big coding project.
Posted
Updated 26-Jun-15 8:10am
v2
Comments
[no name] 26-Jun-15 13:42pm    
Use a WHERE clause.
Member 11795345 26-Jun-15 13:50pm    
i tried that and it didn't work
[no name] 26-Jun-15 13:52pm    
Then you did it wrong.
Sergey Alexandrovich Kryukov 26-Jun-15 13:43pm    
You never should know a password. No one in sober mind ever checks if some passwords are the same. Why?
—SA
Member 11795345 26-Jun-15 13:47pm    
So that way when some one signs up for an account they don't use the same password as someone else

You should not check if a password exists in the system.
Only check for the password if you know if a user exists!
 
Share this answer
 
Comments
Sergey Alexandrovich Kryukov 26-Jun-15 14:04pm    
Agree and voted 5.
Please see my Solution 1 when I also explain why such policy would be unacceptable, because it is unsafe.
—SA
Abhinav S 26-Jun-15 14:49pm    
Thank you SA.
In addition to Solution 1: my comments to the question should explain to you why enforcing such uniqueness would be utterly unsafe.

This is because it actually discloses one of the passwords. For the simplest case, imagine that there is only one user at the moment. The second user adds the password, and it is denied because the password is not unique. This information immediately tells the second user the password of the first user. This reason along is more that enough to avoid using such "policy".

Normal practice is rejecting passwords which are not strong enough. A variant of this practice is just to warn the password owner about low strength of the password but allow it.

—SA
 
Share this answer
 
Comments
Abhinav S 26-Jun-15 14:50pm    
5.
Sergey Alexandrovich Kryukov 26-Jun-15 16:25pm    
Thank you, Abhinav.
—SA

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900