Topic: Login Script - Best Practice
Nervous Wreck (II) Inmate From:
posted 01-08-2009 23:58
Hey, just trying to tighten the security of a login script I wrote, and I've been reading a lot of different scripts but couldn't really find the best practices. One thing I have noticed was that many scripts were verifying $_POST vars directly from post, such as
code:
SELECT * FROM eg WHERE user='$_POST[user]' AND pass='sha1/md5($_POST['pass'])'
|
Paranoid (IV) Inmate From: cell 3736
posted 01-09-2009 08:58
The example you gave is basically the worst possible practice. quote:
|
Nervous Wreck (II) Inmate From:
posted 01-09-2009 09:12
Thanks arthurio, that's one of the articles/examples I'm digging through right now. I'm combining about 4 different things right now but was really wondering about the grabbing of vars, thanks =)
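
Editor's added example (not part of any post in this thread): the query from the first post rewritten with bound parameters, and the password checked with password_hash()/password_verify() instead of bare sha1/md5. The table `eg` and columns `user`/`pass` follow the thread; the in-memory SQLite database, the sample account and the function name check_login are assumptions, and the code assumes PHP 5.5 or later with pdo_sqlite.

```php
<?php
// Added example. Table `eg` and columns `user`/`pass` come from the thread;
// the SQLite in-memory database and the sample account are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE eg (user TEXT PRIMARY KEY, pass TEXT NOT NULL)');

// Store a salted, deliberately slow hash rather than sha1()/md5() output.
$ins = $db->prepare('INSERT INTO eg (user, pass) VALUES (:user, :pass)');
$ins->execute([
    ':user' => "o'neil",
    ':pass' => password_hash('correct horse', PASSWORD_DEFAULT),
]);

// check_login() is a hypothetical helper name, not from the thread.
function check_login(PDO $db, $user, $pass)
{
    // user[]=x arrives in $_POST as an array; accept strings only.
    if (!is_string($user) || !is_string($pass)) {
        return false;
    }

    // Placeholders keep the submitted value out of the SQL text entirely,
    // so quotes in the input are data, not query syntax.
    $stmt = $db->prepare('SELECT pass FROM eg WHERE user = :user');
    $stmt->execute([':user' => $user]);
    $hash = $stmt->fetchColumn();   // false when no such user

    // Compare in PHP, not in the WHERE clause. Unknown users are verified
    // against a dummy hash so both paths do the same amount of work.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('placeholder', PASSWORD_DEFAULT);
    }
    $ok = password_verify($pass, $hash !== false ? $hash : $dummy);

    return $ok && $hash !== false;
}

// In a login script the arguments would be $_POST['user'] and $_POST['pass'].
var_dump(check_login($db, "o'neil", 'correct horse')); // valid account, apostrophe in name
var_dump(check_login($db, "o'neil", 'wrong password')); // wrong password
var_dump(check_login($db, 'nobody', 'correct horse'));  // unknown user
var_dump(check_login($db, array('x'), 'correct horse')); // non-string input
```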