Home/ Questions/Q 8072153
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-05T13:55:37+00:00

I have a login script that I found on some page a while ago,

  • 0

I have a login script that I found on some page a while ago, and while looking at the code that checks if the user is valid, it seems that a small amount of the code is redundant.

$qry = "SELECT username FROM users WHERE ".
"username = '". $username ."' AND password = '" . md5($password) . "'";
$result = mysql_query($qry);
if(mysql_num_rows($result) == 1) {
    while($row = mysql_fetch_assoc($result)) {
        $_SESSION['USERNAME'] = $username;
        $_SESSION['PASSWORD'] = $password;
    }
    session_write_close();
    header("location: memberpage.php");
} else { .... }

To me, the while-loop seems redundant since the if-code already checks if the user is valid (1 row returned). Can I just remove the while-loop and get the same result or is should i be there like some sort of extra security to really check that the number of rows are valid?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Yes it is absolutely redundant, you can safely remove the while loop. As for security for your queries, check out:

    • 0