Hi
Is this a secure way to check a user log in?
SQL = "SELECT * FROM [users] WHERE [user] = '" & trimVars("user") & "' AND [view] = TRUE;"
set mySQL = Conn.Execute(SQL)
on error resume next
IF mySQL("password") = trimVars("password") THEN
session("ID") = mySQL("ID")
session("userID") = mySQL("ID")
session("name") = mySQL("firstname") & " " & mySQL("lastname")
session("email") = mySQL("email")
...
END IF
Thanks
Lizzi
Is this a secure way to check a user log in?
SQL = "SELECT * FROM [users] WHERE [user] = '" & trimVars("user") & "' AND [view] = TRUE;"
set mySQL = Conn.Execute(SQL)
on error resume next
IF mySQL("password") = trimVars("password") THEN
session("ID") = mySQL("ID")
session("userID") = mySQL("ID")
session("name") = mySQL("firstname") & " " & mySQL("lastname")
session("email") = mySQL("email")
...
END IF
Thanks
Lizzi