Reduntant code in a log in script?

I have a login script that I found on some page a while ago, and while looking at the code that checks if the user is valid, it seems that a small amount of the code is redundant.

$qry = "SELECT username FROM users WHERE ".
"username = '". $username ."' AND password = '" . md5($password) . "'";
$result = mysql_query($qry);
if(mysql_num_rows($result) == 1) {
    while($row = mysql_fetch_assoc($result)) {
        $_SESSION['USERNAME'] = $username;
        $_SESSION['PASSWORD'] = $password;
    }
    session_write_close();
    header("location: memberpage.php");
} else { .... }

To me, the while-loop seems redundant since the if-code already checks if the user is valid (1 row returned). Can I just remove the while-loop and get the same result or is should i be there like some sort of extra security to really check that the number of rows are valid?

Answers


Yes it is absolutely redundant, you can safely remove the while loop. As for security for your queries, check out:


No need of while loop, if there is no result then if condition fails


 $result=db_query("SELECT username FROM users WHERE ".
  "username = '". $username ."' AND password = '" . md5($password) . "'");
 $res=db_fetch_array($result);
if(isset($res['username']))
{
   $_SESSION['USERNAME'] = $username;
    $_SESSION['PASSWORD'] = $password;

 }

Need Your Help

Console.Read() and Console.ReadLine() problems

c# .net console-application

I have been trying to use Console.Read() and Console.ReadLine() in C# but have been getting weird results. for example this code