Andy,
Thanks for your comment. What I posted is only part of my code though,
as the entire thing is a bit long, and with all the includes rather hard
to follow unless I posted the whole file set. Above the piece I posted I
have code to do slashing, and some MD5 hashing, as well enforcing
Could I recommend a more secure approach:
1) using two hashes to protect the data (in case the database is
compromised they are both one-way hashes, and using two protects
against collision attacks whereby a different password string
generates the same hash as the original password)
2) escaping
Peter Westergaard wrote:
snip
You should probably check out http://php.net/mysql_query for more
information on this function. The difference between empty result
and invalid query is significant. Once you've determined that the
query is valid, you must also then check to see if it
