FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » php code
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: php code [message #177419 is a reply to message #177415] Mon, 26 March 2012 20:49 Go to previous messageGo to previous message
Denis McMahon is currently offline  Denis McMahon
Messages: 634
Registered: September 2010
Karma:
Senior Member
On Mon, 26 Mar 2012 08:05:29 -0700, shaurya077 wrote:

> if($_SERVER["REQUEST_METHOD"]=="POST") {
> $myusername=addslashes($_POST['user_name']);
> $mypassword=addslashes($_POST['pass_word']);
>
> $sql="select id from userinformation WHERE username='$myusername' and
> password='$mypassword' ";

ewwwwww.

at the very least, store some sort of hash of the p/w, and not the pw
itself.

eg:

saving password, take the md5 sum of the password and store it.
reading password, take the md5 of the given password and check that
against the db.

Rgds

Denis McMahon
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Sharetext
Next Topic: Import values from XML file
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Mon Nov 25 21:08:39 GMT 2024

Total time taken to generate the page: 0.04503 seconds