- <?php
-
- namespace Blog\DB;
-
- use Blog\DB\DB;
-
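class User extends DB
{
    /**
     * Check whether exactly one row in `users` matches the given credentials.
     *
     * The lookup uses a prepared statement with bound parameters, so the
     * caller-supplied values are never spliced into the SQL text. The
     * previous string-concatenated query let quote characters in either
     * argument change the structure of the statement.
     *
     * NOTE(review): the query compares the `password` column directly with
     * the submitted value, which suggests passwords are stored unhashed (or
     * hashed by the caller without a per-user salt). Moving to
     * password_hash()/password_verify() needs a schema and data migration
     * that is outside this block.
     *
     * @param mixed $user Username as submitted by the client.
     * @param mixed $pass Password as submitted by the client.
     *
     * @return bool True only when exactly one row matches; false on any
     *              mismatch, non-string input, or database failure.
     */
    public function checkUserPass($user, $pass)
    {
        // Fail closed on non-string input (for example an array produced by
        // a `user[]=` form field) instead of letting PHP stringify it.
        if (!is_string($user) || !is_string($pass)) {
            return false;
        }

        // NOTE(review): assumes DB extends \SQLite3 — the original code used
        // query() and fetchArray(SQLITE3_ASSOC) on $this — confirm that
        // prepare() is available on the parent class.
        $stmt = $this->prepare(
            'SELECT count(*) AS count FROM users WHERE username = :user AND password = :pass'
        );
        if ($stmt === false) {
            return false;
        }

        // Bind as text so the driver treats both values purely as data.
        $stmt->bindValue(':user', $user, SQLITE3_TEXT);
        $stmt->bindValue(':pass', $pass, SQLITE3_TEXT);

        $result = $stmt->execute();
        if ($result === false) {
            return false;
        }

        $row = $result->fetchArray(SQLITE3_ASSOC);
        if ($row === false) {
            return false;
        }

        // Strict comparison: anything other than exactly one match is a failure.
        return (int) $row['count'] === 1;
    }
}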