Login security issue
Posted: Tue Mar 18, 2003 2:31 am
If I have a user login and the query is something like
$query = "Select * FROM login WHERE user = \"".$user."\" AND pass = \"".$pass."\"";
How can I stop someone from doing something like user enters
$user = "1';new mysql_query HERE";
Also, any code that other ppl use to login would be helpful too as even though it isn't difficult, I haven't done it before and might as well not re-invent the wheel and make the same mistakes that others have made.
Cheers
$query = "Select * FROM login WHERE user = \"".$user."\" AND pass = \"".$pass."\"";
How can I stop someone from doing something like user enters
$user = "1';new mysql_query HERE";
Also, any code that other ppl use to login would be helpful too as even though it isn't difficult, I haven't done it before and might as well not re-invent the wheel and make the same mistakes that others have made.
Cheers