trying to secure my login data being sent to mysql safetly

[jasonc]

the first two codes are what i have got from another project i worked on but i can not login in now using them.

 

i get my error message that the login failed.

i have also tried to echo the query and get this following.

 

SELECT * FROM `users` WHERE `username` = 'myuser' AND binary `passwordfield` = 'mypassword' LIMIT 1

 

can anyone see why this is not working?

 

  function db_query($query, $link = 'db_link') {
    global $$link;

    $result = mysql_query($query, $$link) or db_error($query, mysql_errno(), mysql_error());
    return $result;
  }


//Add slashes to incoming data
  function db_input($string, $link = 'db_link') {
    global $$link;

    if (function_exists('mysql_real_escape_string')) {
      return mysql_real_escape_string($string, $$link);
    } elseif (function_exists('mysql_escape_string')) {
      return mysql_escape_string($string);
    }

    return addslashes($string);
  }

 

$username = strtolower(trim($_POST['name']));
$password = trim($_POST['password']);
$sql = "SELECT * FROM `users` WHERE `username` = '".db_output($username)."' AND binary `passwordfield` = '".db_output($password)."' LIMIT 1";
db_query($sql);

 

 

 

my original code was just this...

// $res = @mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."' AND binary `passwordfield` = '".$password."' LIMIT 1") or die(mysql_error());

which works but i have found is not very secure

 

so the two codes at the top are what i have used from another project i had once.

 

but for some reason the login does not work.

 

i get my login failed error mesages.

[fenway]

Define "not working" -- and you shouldn't be sending passwords in plaintext.