Andy,
Thanks for your comment. What I posted is only part of my code though,
as the entire thing is a bit long, and with all the includes rather hard
to follow unless I posted the whole file set. Above the piece I posted I
have code to do slashing, and some MD5 hashing, as well as enforcing strin

Could I recommend a more secure approach:
1) using two hashes to protect the data (in case the database is
compromised they are both one-way hashes, and using two protects
against collision attacks whereby a different password string
generates the same hash as the original password)
2) escaping use

Peter Westergaard wrote:
You should probably check out http://php.net/mysql_query for more
information on this function. The difference between "empty result"
and "invalid query" is significant. Once you've determined that the
query is valid, you must also then check to see if it returned

Hi Peter,
I'm also sort of a beginner.
That's along the lines that I was thinking.
Doesn't mysql_query return a result set object? So in this sample, wouldn't
the IF be testing if the result object was set?
I'm just trying to learn what's going on. I realized the code is wrong but
didn't kno