On Dec 10, 10:12 am, [EMAIL PROTECTED] (Matthew Hellman) wrote:
>
> I'm throwing the last one in there even though I don't see any sort of login 
> actually occurring. Am I missing something?  Where are you validating the 
> password?  What is the purpose of the strip_string function?  I see all sorts 
> of problems with that function.  In general, once you start using prepared 
> statements and bind variables in your SQL...you shouldn't have to monkey with 
> the username/password strings.  Also, I would recommend using Firefox with 
> the "web developer", "tamperdata", and "Live HTTP Headers" add-ons for all 
> your development work.  It makes debugging these sorts of things much easier. 
> For example, you could quickly rule out a client-side HTML/Javascript issue.
>
Thank you, Matt, for your input and suggestions...they are much
appreciated and very helpful.

No, you weren't missing anything regarding the login.  I hadn't done
anything with it because I found these arbitrary numbers being passed
on the end of the password field's value.  I figured that no password
was ever going to match with this going on, so why bother doing any
login functions at this time.  I'm going to put into practice
everything you mentioned with taint checking and stopping the
processing of SQL or HTML code that may be passed.  I appreciate your
input on that topic.  I'm also going to review the links you posted
regarding binding variables in my SQL.  I've been looking for how to
do that as well, though I didn't want to confuse my post with that, on
top of the password problem.

Again, thank you for your valuable input.  I truly appreciate your
time.

Cheers,

Sean C.
PekinSOFT Systems


--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
http://learn.perl.org/
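The two points Matt raises, taint checking and bind variables, are easy to show together. The script below is an added example written for this page; it is not Sean's login code and not code from the list. It assumes DBD::SQLite is installed and stands in an in-memory `users(username, password)` table for the real one (constructed sample rows); the column names, the allowed-character rules and the command-line inputs are all assumptions for the illustration. It contrasts the interpolated form the thread warns against with the bind-variable form, and runs under `-T` so the untainting step is exercised for real.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use DBI;

# Constructed stand-in for the poster's users table (DBD::SQLite, in memory).
# TaintIn makes DBI refuse tainted arguments under -T, so an untainting
# step that was forgotten shows up as a hard error instead of a silent query.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1, TaintIn => 1 });
$dbh->do('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
$dbh->do('INSERT INTO users (username, password) VALUES (?, ?)', undef,
    'sean', 'correct horse');   # plaintext only to keep the example short;
                                # real code stores and compares a password hash

# Untaint by validation, not by "cleaning": the value is accepted only if it
# matches the allowed shape in full, and $1 from that match is the untainted
# copy Perl lets us use. Anything else is rejected outright, not repaired.
sub untaint_username {
    my ($raw) = @_;
    return unless defined $raw && $raw =~ /\A([A-Za-z0-9_.-]{1,32})\z/;
    return $1;
}

sub untaint_password {
    my ($raw) = @_;
    # Any printable ASCII, bounded length. The content is not altered, so
    # characters such as ' or -- are fine: with bind variables they never
    # become part of the SQL text.
    return unless defined $raw && $raw =~ /\A([\x20-\x7e]{1,128})\z/;
    return $1;
}

# Safe form: the SQL text is a constant and the user-supplied strings travel
# as bind values. A username of  x' OR '1'='1' --  is compared literally
# against the username column and matches nothing.
sub check_login {
    my ($dbh, $raw_user, $raw_pass) = @_;
    my $user = untaint_username($raw_user);
    my $pass = untaint_password($raw_pass);
    return 0 unless defined $user && defined $pass;
    my $sth = $dbh->prepare(
        'SELECT COUNT(*) FROM users WHERE username = ? AND password = ?');
    $sth->execute($user, $pass);
    my ($count) = $sth->fetchrow_array;
    return $count ? 1 : 0;
}

# The form the thread warns against, kept only for contrast: interpolating
# the strings into the SQL. The same  x' OR '1'='1' --  username turns the
# WHERE clause into  username = 'x' OR '1'='1'  and comments out the
# password check, so the query matches every row.
sub check_login_interpolated {
    my ($dbh, $user, $pass) = @_;
    my ($count) = $dbh->selectrow_array(
        "SELECT COUNT(*) FROM users WHERE username = '$user' AND password = '$pass'");
    return $count ? 1 : 0;
}

# Inputs come from @ARGV, which is tainted under -T, so the untainting above
# is exercised for real; the defaults are constructed sample values.
my $raw_user = @ARGV     ? $ARGV[0] : "x' OR '1'='1' --";
my $raw_pass = @ARGV > 1 ? $ARGV[1] : 'wrong';

printf "bind variables:   %s\n",
    check_login($dbh, $raw_user, $raw_pass) ? 'login ok' : 'rejected';

# Wrapped in eval: with tainted @ARGV input, TaintIn makes DBI croak here
# rather than run a query built from unchecked data.
my $r = eval { check_login_interpolated($dbh, $raw_user, $raw_pass) };
printf "interpolated:     %s\n",
    defined $r ? ($r ? 'login ok' : 'rejected') : "refused by DBI: $@";

printf "bind, good creds: %s\n",
    check_login($dbh, 'sean', 'correct horse') ? 'login ok' : 'rejected';
```

Run it as `perl -T login.pl` (the `-T` on the shebang line is only honoured when the switch is also given on the command line, otherwise Perl stops with "Too late for -T option"). With no arguments the built-in injection string is untainted, so the interpolated query runs and reports a successful login with a wrong password, while the bind-variable query rejects it; with the same string passed as `perl -T login.pl "x' OR '1'='1' --" wrong`, the interpolated call is refused by DBI outright because the data is tainted, which is exactly the failure mode taint checking is meant to make loud.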