I am currently re-writing my functions script (PHP) for my login system. Is the below code safe and a "good" way to check if the user is logged in?
function loggedin()
{
$ID = ($_SESSION['ID']);
$sql = "SELECT `online` FROM `users` WHERE `ID` = '$ID'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
$row = mysql_fetch_array( $result );
if ( $count== 1)
{
if ($_SESSION['ID'] && $_SESSION['session_id'])
{
if ( $row['online']== 1)
return 1;
}
}
else
{
return 0;
}
}