I have a login script that I found on some page a while ago, and while looking at the code that checks if the user is valid, it seems that a small amount of the code is redundant.

    $qry = "SELECT username FROM users WHERE ".
           "username = '". $username ."' AND password = '" . md5($password) . "'";
    $result = mysql_query($qry);
    if(mysql_num_rows($result) == 1) {
        while($row = mysql_fetch_assoc($result)) {
            $_SESSION['USERNAME'] = $username;
            $_SESSION['PASSWORD'] = $password;
        }
        session_write_close();
        header("location: memberpage.php");
    } else { .... }

To me, the while-loop seems redundant since the if-code already checks if the user is valid (1 row returned). Can I just remove the while-loop and get the same result, or should it be there as some sort of extra security to really check that the number of rows is valid?
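
An added example, not part of the original post: when at most one row can match, a single fetch does the work of the loop, and the loop body in the posted code never reads `$row` in the first place. The sketch also swaps the concatenated query and `md5()` for a bound parameter and `password_verify()`. Assumptions: PDO with an in-memory SQLite database (`pdo_sqlite`), a hypothetical `verify_login()` helper, a `password_hash` column and a constructed demo account.

```php
<?php
// Added example, not the original script. verify_login(), the
// password_hash column and the demo account are assumptions.

function verify_login(PDO $db, string $username, string $password): ?string
{
    // Bound parameter: $username never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT username, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);

    // username is unique, so one fetch replaces the num_rows check and the loop.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;                          // unknown user
    }
    // Compare against a salted password_hash() value instead of md5() in SQL.
    if (!password_verify($password, $row['password_hash'])) {
        return null;                          // wrong password
    }
    return $row['username'];
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$attempts = [
    ['alice', 'correct horse'],   // valid credentials
    ['alice', 'wrong'],           // bad password
    ["o'brien", 'x'],             // a quote in the name is plain data here
];
foreach ($attempts as [$u, $p]) {
    $user = verify_login($db, $u, $p);
    if ($user !== null) {
        // On a real page: session_start(); session_regenerate_id(true);
        // keep only the username, never the plaintext password.
        $session = ['USERNAME' => $user];
        echo "login ok: {$session['USERNAME']}\n";
    } else {
        echo 'login failed for ' . var_export($u, true) . "\n";
    }
}
```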