Re: nooB PhP login using MySQL
- From: Geoff Berrow <blthecat@xxxxxxxxxxx>
- Date: Fri, 30 Mar 2007 10:53:09 +0100
Message-ID: <memo.20070330102052.1440B@xxxxxxxxxxxxxxxxxxxxx> from Rafe
Culpin contained the following:
> The process is to take the supplied username and password and do a
> database query to see if there is a row containing that combination. Of
> course, this presupposes that you ensured that the combination was
> unique before storing in the database. If a row is found the log in is
> successful.
>
> *IMPORTANT*
> Before doing this and putting it on a public site, google "SQL injection
> attack" (with quotes) and make sure you understand the implications and
> have guarded against them. If you do not do this an attacker can run
> arbitrary SQL commands on your database.

Quite, I only intended to give an overview. No user input should be
trusted. The use of mysql_real_escape_string is now second nature to me
and I forgot to mention it.
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
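
The login lookup discussed in this thread, as an added example that is not code from any of the posters. It assumes PDO with an in-memory SQLite database so it runs offline, uses bound parameters instead of mysql_real_escape_string (the mysql extension was removed in PHP 7), and checks a stored password hash in PHP rather than matching the password in the query; the table, accounts and function names are made up.

```php
<?php
// Added example, not code from the thread. Assumes PDO with an in-memory
// SQLite database so it runs offline; table and function names are made up.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// PRIMARY KEY enforces the uniqueness the login lookup presupposes.
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

// Constructed sample accounts; one username legitimately contains a quote.
$add = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
foreach (['alice' => 'correct horse', "o'brien" => 'battery staple'] as $u => $p) {
    $add->execute([$u, password_hash($p, PASSWORD_DEFAULT)]);
}

// Unsafe: the username becomes part of the SQL text, so a quote in it
// changes the statement's structure instead of being compared as data.
function login_concat(PDO $db, string $user, string $pass): bool
{
    $row = $db->query("SELECT pw_hash FROM users WHERE username = '$user'")
              ->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($pass, $row['pw_hash']);
}

// Safe: the statement is fixed; input is bound as a value, never parsed as SQL.
function login_prepared(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($pass, $row['pw_hash']);
}

// Bound parameters: right password, wrong password, and the quoted username.
var_dump(login_prepared($db, 'alice', 'correct horse'));
var_dump(login_prepared($db, 'alice', 'wrong'));
var_dump(login_prepared($db, "o'brien", 'battery staple'));

try {
    // Same legitimate user, but the apostrophe ends the string literal early
    // and the rest of the name is parsed as SQL.
    login_concat($db, "o'brien", 'battery staple');
} catch (PDOException $e) {
    echo "concatenated query failed: ", $e->getMessage(), "\n";
}
```

With MySQL only the DSN and credentials passed to the PDO constructor change; the prepared statements stay the same.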