I'm trying to create a site that has logins and stores the login information in the user's session data. Basically self taught PHP from PHP for Dummies and then Learning PHP 5 from O'Reilly. Here is the code snippet from a function I've written for validating whether the information submitted in the login box exists and matches whats stored in the mysql database. Just wondering from people who know better than I if this looks like it should work (I haven't created the Tables and whatnot yet) or if I'm just headed in the wrong direction:
//Query the database to make sure username/password entered are valid and matchup
$sql2 = "SELECT userName FROM Users WHERE userName='$_POST[username]' AND passWord='$_POST[password]'";
$sql3 = "SELECT passWord FROM Users WHERE userName='$_POST[username]' AND passWord='$_POST[password]'";
$result1 = mysql_query($sql2);
$result2 = mysql_query($sql3);
$users = array('$result1' => '$result2');
//Makes sure username is valid
if (! array_key_exists($_POST['username'], $users))
{
$errors[] = 'Please enter a valid username and password.';
}
return $errors;
}