can anyone experienced tell me why this does not work, while it should by conventions and practices in php and SQL.
$con = mysql_connect($conf['host'],$conf['user'],$conf['pass']) or die ("cannot connect");
mysql_select_db($conf['database'])or die("cannot select DB");
$sql = mysql_query("SELECT * FROM `user` WHERE `username` = '$g_Username'");
if (!$sql)
{
die("query failed: " . msql_error());
}
while($row = mysql_fetch_array($sql, MYSQL_ASSOC ))
{
$salt = $row['salt'];
$md5_pass = MD5(md5($g_Password) . $salt);
if( $g_Username == $row['username'] && $md5_pass == $row['password'] )
{
print("g_userOk ");
addLog("$g_Username Authenticated");
}
}
mysql_close();