Thread: validation ?

  1. #1
    Join Date
    Mar 2004
    Location
    Malaysia
    Posts
    29

    Unanswered: validation ?

    May I know how to validate usernames and passwords from MySQL using Perl via a website?

  2. #2
    Join Date
    Jan 2004
    Location
    Germany
    Posts
    167
    Code:
    # [... parse parameters from HTML-form, connect to database...]
    my $statement = "SELECT user,passwd FROM table WHERE user = '$param{user}';";
    my $sth = $dbh->prepare($statement);
    $sth->execute();
    my ($db_user,$db_pwd) = $sth->fetchrow_array();
    # compare the stored password with the one submitted in the form
    if($db_pwd eq $param{password}){
      print "You're logged in";
    }
    else{
      print "Login failed";
    }
    # [... do other things ...]
    board.perl-community.de - The German Perl-Community

  3. #3
    Join Date
    Apr 2004
    Posts
    16
    my $statement = "SELECT user,passwd FROM table WHERE user = '$param{user}';";
    my $sth = $dbh->prepare($statement);
    $sth->execute();
    a few things
    1) use placeholders so you are not passing untrusted (user) data straight into your database.

    Code:
    my $sth = $dbh->prepare( "SELECT user,passwd FROM table WHERE user = ?");
    $sth->execute( $username );
    notice the use of the '?'
    http://search.cpan.org/~timb/DBI-1.4...nd_Bind_Values

    2) let the database do all the work
    Code:
    my $sth = $dbh->prepare("SELECT 1 FROM table WHERE user = ? AND passwd = ?");
    $sth->execute( $username, $password );
    3) don't store passwords in plaintext if you can help it
    MySQL has the password() function; it's best to compare encrypted values and never store the plaintext.
    perl -le 'print reverse reverse "just another perl hacker"'
    wush.net subversion hosting - remote hosted revision control with easy admin, ssl security & backups
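
The difference between the interpolated statement in post #2 and the placeholder form in post #3, as an added example that is not part of either post. Assumptions: an in-memory SQLite database (DBD::SQLite) stands in for MySQL so the script runs offline, and the `users` table, its rows, the function names and the sample inputs are all constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: in-memory SQLite (DBD::SQLite) stands in for MySQL so the
# script runs offline; the "users" table and its rows are constructed.
my $dbh = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 } );
$dbh->do('CREATE TABLE users (user TEXT PRIMARY KEY, passwd TEXT)');
my $ins = $dbh->prepare('INSERT INTO users (user, passwd) VALUES (?, ?)');
$ins->execute(@$_) for ( [ 'alice', 'hash-a' ], [ 'bob', 'hash-b' ] );

# Form from post #2: the form value becomes part of the SQL text itself.
sub match_interpolated {
    my ($user) = @_;
    my $rows = eval {
        $dbh->selectall_arrayref(
            "SELECT user FROM users WHERE user = '$user'");
    };
    return defined $rows ? scalar @$rows : 'SQL error';
}

# Form from post #3: the value is bound, so it is only ever compared as data.
sub match_placeholder {
    my ($user) = @_;
    my $sth = $dbh->prepare('SELECT user FROM users WHERE user = ?');
    $sth->execute($user);
    return scalar @{ $sth->fetchall_arrayref };
}

# Constructed inputs: a stored name, a name with an apostrophe, and a value
# whose quote closes the string literal and appends its own condition.
for my $input ( 'alice', "o'brien", "nobody' OR 'a'='a" ) {
    printf "%-20s interpolated=%-9s placeholder=%s\n",
        $input, match_interpolated($input), match_placeholder($input);
}
```

With the interpolated form, the apostrophe input produces an SQL error and the third input matches every row in the table; with the placeholder form, only the stored name matches.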
