[eluser]KingSkippus[/eluser]
Don't worry about it, we've all banged our heads over something like that before.
I will suggest, however, that this would be safer (correcting the name of the table, of course):
Code:
// The ? placeholders are bound from the array, so the values are escaped by the database class.
$query = 'SELECT user_id,user_name,user_lastname,user_username '.
'FROM user WHERE user_username = ? AND user_password = ?';
$do = $this->db->query($query, array($username, $password));
And the security-conscious part of me is also bristling, wondering if you are storing passwords in cleartext in the database. If so, I highly suggest encrypting them in some way. For example, when you store the password, store it using hash('sha256', $password) instead of just $password, and use the following query instead of the above one:
Code:
// Compare against the SHA-256 hash, which is what the user_password column now holds.
$query = 'SELECT user_id,user_name,user_lastname,user_username '.
'FROM user WHERE user_username = ? AND user_password = ?';
$do = $this->db->query($query, array($username, hash('sha256', $password)));
It's really easy and your users will probably appreciate you taking that extra little step to protect them in case your database gets compromised.
This is especially important if you are using a database server other than localhost; anyone with a sniffer on any switch or router between your web server and database server would be able to yank passwords right off the wire. Also, if you want to be even a little more security-conscious, salt the password so that if someone compromises your server and obtains your database, they can't use so-called "rainbow tables" to discover a big chunk of passwords. To do that, store, for example, a random sixteen-character string as a field called "salt," store passwords as hash('sha256', $salt.$password) instead of just $password, and use the following query:
Code:
// $salt is the value of this user's "salt" field; it has to be loaded before this query runs.
$query = 'SELECT user_id,user_name,user_lastname,user_username '.
'FROM user WHERE user_username = ? AND user_password = ?';
$do = $this->db->query($query, array($username, hash('sha256', $salt.$password)));
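
The salted-storage flow described in the post above, as an added example that is not part of the original post. It swaps PHP's built-in password_hash() and password_verify() in for the post's hash('sha256', $salt.$password); they generate a random salt per password and keep it inside the stored hash string. It assumes PHP 7.1 or later with the PDO SQLite driver, and uses a constructed in-memory table with the post's column names; register_user() and check_login() are hypothetical helper names.

```php
<?php
// Added example: constructed in-memory table using the post's column names.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (
    user_id INTEGER PRIMARY KEY,
    user_username TEXT UNIQUE NOT NULL,
    user_password TEXT NOT NULL
)');

// Store only the hash. password_hash() generates a random salt per call
// and embeds it, with the algorithm and cost, in the returned string.
function register_user(PDO $db, string $username, string $password): void
{
    $stmt = $db->prepare('INSERT INTO user (user_username, user_password) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

// Look the row up by username only, then verify in PHP: the salt lives in
// the stored hash, so the password cannot be matched in the WHERE clause.
function check_login(PDO $db, string $username, string $password): ?int
{
    $stmt = $db->prepare('SELECT user_id, user_password FROM user WHERE user_username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['user_password'])) {
        return null; // same result for an unknown user and a wrong password
    }
    // Upgrade the stored hash when PASSWORD_DEFAULT or its cost has changed.
    if (password_needs_rehash($row['user_password'], PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE user SET user_password = ? WHERE user_id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['user_id']]);
    }
    return (int) $row['user_id'];
}

// Constructed sample data: two users who happen to choose the same password.
register_user($db, 'alice', 'correct horse battery staple');
register_user($db, 'bob', 'correct horse battery staple');

var_dump(check_login($db, 'alice', 'correct horse battery staple')); // valid login
var_dump(check_login($db, 'alice', 'wrong password'));               // wrong password
var_dump(check_login($db, 'mallory', 'anything'));                   // unknown user

// Same password, different salts: compare the two stored hashes.
$hashes = $db->query('SELECT user_password FROM user')->fetchAll(PDO::FETCH_COLUMN);
var_dump($hashes[0] !== $hashes[1]);
```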