Secure Numeric Login



PHP Code:

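// Numeric client-ID / PIN login check against the `clients` table.
// Expects $connection to be an open mysqli link created elsewhere.

// A missing field becomes '' and is rejected by the validation below
// instead of raising an undefined-index warning.
$client = $_POST['client'] ?? '';
$pin = $_POST['pin'] ?? '';

// is_numeric() is too permissive for an identifier check: it also accepts
// forms such as "1e3", "1.5", "+1" and leading whitespace. ctype_digit()
// admits only non-empty strings made of the digits 0-9; the is_string()
// guards reject array-valued fields (client[]=...) before that call.
if (is_string($client) && is_string($pin) && ctype_digit($client) && ctype_digit($pin))
{
    $authenticated = false;

    // Prepared statement: the values are sent separately from the SQL text,
    // so the query does not depend on input validation or escaping to stay
    // well-formed. (mysqli_real_escape_string() only protects values placed
    // inside quotes, which the original %s placeholders were not.)
    $statement = mysqli_prepare($connection, "SELECT id FROM clients WHERE id = ? AND pin = ? LIMIT 1;");

    if ($statement !== false)
    {
        // Bound as strings so long digit runs cannot overflow a PHP int and a
        // PIN with leading zeros is compared as typed.
        // NOTE(review): column types are not visible here; confirm 'ss' suits the schema.
        mysqli_stmt_bind_param($statement, 'ss', $client, $pin);

        if (mysqli_stmt_execute($statement))
        {
            mysqli_stmt_store_result($statement);
            $authenticated = mysqli_stmt_num_rows($statement) > 0;
        }
        else
        {
            // Keep database details in the server log, not in the response.
            error_log('Login query failed: ' . mysqli_stmt_error($statement));
        }

        mysqli_stmt_close($statement);
    }
    else
    {
        error_log('Login query could not be prepared: ' . mysqli_error($connection));
    }

    // NOTE(review): the query compares the pin column directly, which suggests
    // PINs are stored unhashed; confirm. password_hash()/password_verify()
    // is the usual storage. No attempt limiting is visible in this snippet,
    // and a short numeric PIN needs it.
    if ($authenticated)
    {
        // $client is digits only at this point, so it is safe to echo as-is.
        echo "Authenticated as " . $client;

        // ...
        // session_regenerate_id(true);   // new session ID on login (session fixation)
        // $_SESSION['logged_user'] = $client;
        // ...
    }
    else
    {
        // Same message for a wrong pair and for a database error, so the
        // response does not reveal which one occurred.
        echo "Wrong client/PIN combination.";
    }
}
else
{
    echo "Client ID and PIN must be numeric values.";
}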