|
|
Posted by Rafe Culpin on 03/30/07 09:20
In article <u0cp03562monb4e54ets3488i3eems6acc@4ax.com>,
blthecat@ckdog.co.uk (Geoff Berrow) wrote:
> The process is to take the supplied username and password and do a
> database query to see if there is a row containing that combination. Of
> course, this presupposes that you ensured that the combination was
> unique before storing in the database. If a row is found the log in is
> successful.
*IMPORTANT*
Before doing this and putting it on a public site, google "SQL injection
attack" (with quotes) and make sure you understand the implications and
have guarded against them. If you do not do this an attacker can run
arbitrary SQL commands on your database.
--
To reply email rafe, at the address cix co uk
Navigation:
[Reply to this message]
|