View Single Post
Old June 17th, 2006, 05:35 AM  
Kiros
Retired Administrator
 
Kiros's Forum Picture
 
Name: Ben
Join Date: May 22, 2004
Location: Albany, LA - USA
Age: 28
Gender: Male
Blog Entries: 17
Default Re: PHP help, please.

At first glance, it looks Ok...

However, you might want to consider testing it on a secret page so that no one can try anything malicious.

But, if that does actually query the database correctly, and it gets you to login, I can still ensure you that it's not a very secure method at all. If you do set it up and give me the link, I could easily use an SQL injection - wouldn't even have to be a blind injeciton.

I recommend setting up a object-oriented login. Found this link that shows what to do and everything's implemented very well for a public script.

http://www.devshed.com/c/a/PHP/Creat...-Login-Script/

But if you only need a login to identify people, then that might not be worth the effort. However, if you use it for any kind of administrativ perposes, you should use the one I linked.

Kiros || Ben

Happiness is not about being perfect.
It is about seeing beyond the imperfections.
Kiros is offline