Posted by frizzle on 05/05/06 00:15

Rafe Culpin wrote:
> In article <1146739267.490563.178550@y43g2000cwc.googlegroups.com>,
> phpfrizzle@gmail.com (frizzle) wrote:
>
> > I need a login system for some 'private' pages.
> > Users should be pulled from a mysql DB.
>
> > Now, what i wonder is, WHAT SHOULD I DO? I really don't know
> > where to start anymore because there are so much do's and dont's
> > on this ...
>
> First of all, google "SQL injection attack" and make certain that you
> understand what this is and how to block it. This attack would not only
> let anyone read all the passwords, it might (depending on your setup) let
> them trash your database.
>
> --
> To reply email rafe, at the address cix co uk

AFAIK using mysql_real_escape_string deals with that in all cases
if i parse any input through that... Thanks for reminding though how
important that is!

What i mean, is *globally* what path to walk to get where i want, what
system
/structure to use, because as i said, there are so much do's and
dont's.

E.g. should i use and sessions, ip validating, cookies (remember me)
and
mysql table with logged users, or what?

Frizzle.

[Back to original message]