--- Jeff McKeon <[EMAIL PROTECTED]> wrote:
> Well both variables $userid and $userpassword are bounced off of a
> user database table, if the username/password don't match then the
> session variables are cleared with a session_destroy() call. Is that
> a good enough validation?

Yes, as long as you realize that you have now shifted the trust to those values
in the database. As long as there is no way for a user to inject malicious code
during the registration process (or however the username and password end up in
the database), then that part should be fine.

Hope that helps.

Chris

=====
My Blog
     http://shiflett.org/
HTTP Developer's Handbook
     http://httphandbook.org/
RAMP Training Courses
     http://www.nyphp.org/ramp
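
The check discussed in this thread, as an added example that is not part of the original messages: registration filters what enters the user table, and a per-request check clears the session on a mismatch. The table, column and function names are assumptions, as are the in-memory SQLite database and the use of PDO with password_hash(); the session keys mirror $userid and $userpassword from the question.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. Table, column and function names
// are assumptions; the session keys mirror $userid and $userpassword above.

session_start(); // started before any output so it also works from the CLI

$db = new PDO('sqlite::memory:'); // assumes the pdo_sqlite extension
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid TEXT PRIMARY KEY, pwhash TEXT NOT NULL)');

// Registration is where values enter the database, so filter them here.
function register_user(PDO $db, string $userid, string $password): bool
{
    // Allowlist the username; anything else never reaches the table.
    if (!preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $userid) || strlen($password) < 8) {
        return false;
    }
    $stmt = $db->prepare('INSERT OR IGNORE INTO users (userid, pwhash) VALUES (?, ?)');
    $stmt->execute([$userid, password_hash($password, PASSWORD_DEFAULT)]);
    return $stmt->rowCount() === 1; // false when the userid is already taken
}

// Per-request check: bounce the session values off the user table.
function session_is_valid(PDO $db, array $session): bool
{
    $userid = $session['userid'] ?? null;
    $password = $session['userpassword'] ?? null;
    if (!is_string($userid) || !is_string($password)) {
        return false;
    }
    $stmt = $db->prepare('SELECT pwhash FROM users WHERE userid = ?');
    $stmt->execute([$userid]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample data.
$okName  = register_user($db, 'jeff_m', 'constructed-sample-pw');
$badName = register_user($db, '<b>jeff</b>', 'constructed-sample-pw');

$_SESSION['userid'] = 'jeff_m';
$_SESSION['userpassword'] = 'not-the-password';
if (!session_is_valid($db, $_SESSION)) {
    $_SESSION = [];
    session_destroy(); // mismatch: clear the session, as described in the thread
}

var_dump($okName, $badName, session_status() === PHP_SESSION_ACTIVE);
```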

-- 
PHP General Mailing List (http://www.php.net/)