by slinkyavenger
4480 days ago
Everyone's already covered how this is absolutely wrong, but I wanted to add that a second query is not appropriate, either. You'd want your query to be something like

    SELECT
    password_hash = {password_hash} AS authenticated
    FROM accounts
    WHERE email = {email}

That way you'd be able to tell based on your result set whether the user exists, and, if so, if their password is valid. All with one query. But, again, you shouldn't do this.
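The three outcomes the comment reads off the result set (no row, `authenticated` false, `authenticated` true), as an added example that is not the commenter's code. It runs the same query on SQLite with bound parameters in place of the `{…}` placeholders. The `make_db` and `check_login` helpers, the `LoginResult` enum and the sample rows are constructed for illustration.

```python
import sqlite3
from enum import Enum


class LoginResult(Enum):
    NO_SUCH_USER = "no such user"
    BAD_PASSWORD = "bad password"
    AUTHENTICATED = "authenticated"


# The comment's query; {password_hash} and {email} become bound parameters.
QUERY = """
SELECT password_hash = :password_hash AS authenticated
FROM accounts
WHERE email = :email
"""


def make_db():
    """In-memory database with constructed rows; hashes are opaque sample strings."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (email TEXT PRIMARY KEY, password_hash TEXT)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [
            ("alice@example.com", "constructed-hash-A"),
            ("bob@example.com", None),  # account with no stored hash
        ],
    )
    return db


def check_login(db, email, password_hash):
    """Run the single query and map its result set to one of three outcomes."""
    row = db.execute(QUERY, {"email": email, "password_hash": password_hash}).fetchone()
    if row is None:
        # Empty result set: no account with that email.
        return LoginResult.NO_SUCH_USER
    # row[0] is 1 (match), 0 (mismatch) or None (comparison against NULL).
    return LoginResult.AUTHENTICATED if row[0] == 1 else LoginResult.BAD_PASSWORD


if __name__ == "__main__":
    db = make_db()
    for email, pw_hash in [("alice@example.com", "constructed-hash-A"),
                           ("alice@example.com", "constructed-hash-B"),
                           ("nobody@example.com", "constructed-hash-A")]:
        print(email, "->", check_login(db, email, pw_hash).value)
```
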