Home/ Questions/Q 7775411
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-01T17:37:28+00:00

When you authenticate registered users you make request e.g. one examples i found: $user

  • 0

When you authenticate registered users you make request e.g. one examples i found:

$user = $_POST['user'];
$pw = $_POST['password'];

$sql = "SELECT user,password FROM users 
    WHERE user='$user' 
    AND password='$pw' 
    LIMIT 1";
$result = mysql_query($sql);

if (mysql_num_rows($result)){
    //we have a match!
}else{
    //no match
}

Now what would be the benefit or any point of having LIMIT 1 at the end?
And why you need to select user and password when you can just select user_id?

Would not the 

SELECT user_id FROM users
WHERE user = '{$user}'
AND password = '{$pw}'

be same exact logistics but shorter code?

EDIT: thinking about this little detail made me find one more check to prevent hackers.
There should not be more than one user with same email and password so if they somehow supply instead of password 123 e.g. string ' OR password = '*' (or similar logics) this will compromise my query, having no limit would help because next step i can count 

if (count($result) > 1) {
   echo "we got hacked";
else 
   <proceed...>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Most likely, you will have a unique user column, so LIMIT 1 is not necessary – you won’t have more than 1 row anyway.

    In this case, it might be a decorative element – self explaining syntax to tell a programmer that reads a code, that query is expected to return no more than one row.

    Aside from your question, I would strongly recommend to use some password encryption, for example MD5(). A tutorial that teaches you to store a plain passwords is not the best one…

    • 0