Ross wrote:
Thanks Colin.
Think I will do both. I can timeout the session with PHP.
Does adding mysql_real_escape_string make this secure to injection or should
I be doing something else?
if ($_POST['submitted']){
This should be
if ( isset($_POST['submitted']) ) {
This way it doesn't give you a PHP NOTICE:...
$username = mysql_real_escape_string( $_POST['username'] );
$pass = mysql_real_escape_string( $_POST['pass');
You forgot a closing bracket on that last $_POST['pass'....
$username = md5($username);
???Why md5 the $username?
Makes it difficult to work on and display later on, unless you don't use
it that way
Jim Lucas
$pass = md5($pass);
$query = "SELECT username, pass FROM login where username='$username' AND
pass ='$pass'";
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
