<?php
// ...
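if (isset($_POST['user']) && isset($_POST['pass'])) {
    // Login check: look up at most one member row matching the submitted
    // credentials. Both values go through sqlite_escape_string() and are only
    // ever placed inside single-quoted SQL literals below; the escaping
    // protects the query only in that quoted position.
    // NOTE(review): if the $db wrapper offers bound parameters (not visible
    // here), prefer them over escaping. $_POST values can also be arrays
    // (user[]=...), while sqlite_escape_string() expects a string; consider
    // rejecting non-string input before this point.
    $user = sqlite_escape_string($_POST['user']);
    $pass = sqlite_escape_string($_POST['pass']);
    // NOTE(review): the submitted password is compared directly with the
    // password column, which suggests the column holds the password as
    // submitted rather than a salted hash verified in PHP. Confirm against
    // the schema.
    $query = "SELECT username, admin FROM members
        WHERE username='$user' AND password='$pass' LIMIT 1";
    if ($result = $db->query($query)) {
        // $user is reused: from here on it holds the fetched row (falsy when
        // no member matched), not the escaped user name.
        $user = $db->fetch();
        if ($user) {
            // ...
        } else {
            // ...
        }
        // Release the result set, as the search query in this file does.
        $result->close();
    }
}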
// ...
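if (isset($_REQUEST['q'])) {
    // Member search: list the user names that contain the submitted term.
    // The term is request data, so it is escaped before being placed inside
    // the quoted LIKE pattern, the same way the login query in this file
    // treats its inputs. Without this, a single quote in q ends the string
    // literal and the rest of q is parsed as SQL.
    // NOTE(review): escaping quotes does not neutralise the LIKE wildcards
    // % and _ inside the term; add an ESCAPE clause if literal matching is
    // required. If the $db wrapper supports bound parameters (not visible
    // here), prefer them over escaping.
    $q = '%' . sqlite_escape_string($_REQUEST['q']) . '%';
    $query = "SELECT username FROM members
        WHERE username LIKE '$q'";
    if ($result = $db->query($query)) {
        while ($obj = $db->fetch()) {
            // User names come from the database and may contain markup, so
            // encode them for the HTML context before printing.
            // NOTE(review): pass the page's charset as the third argument if
            // it is not the htmlspecialchars() default.
            printf("%s<br/>", htmlspecialchars($obj->username, ENT_QUOTES));
        }
        $result->close();
    }
}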
?>