About admin panel login functions and avoid injection

Posted: Thu Feb 14, 2008 3:54 pm
by ligaci
Hi, this is my first message.

I just want to ask about control panel login security. In my system I use a different method, because there is only one admin and they need only one username and password. I select all data from the admin table in the database and I send them to an array. Then I compare the usernames and passwords, maybe via array_search or another function can be used; if the username and password are true, log in, else back to the form.

I hope you will understand what I mean. I think this will avoid injection for systems that have few admins. I need your answers to be sure.

Thanks a lot

Re: About admin panel login functions and avoid injection

Posted: Thu Feb 14, 2008 4:51 pm
by Christopher
If you are saying that you do not use a database, but instead store the data in an array, then yes you will eliminate SQL injection. But you still may need to filter and escape the input.
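
The approach discussed in this thread, sketched as an added example (not code from either poster): a constant query loads the admin rows and the comparison happens in PHP, with the input filtered and the output escaped. The in-memory SQLite table, the column names, `check_login`, the length limits and the use of password hashes are assumptions for illustration.

```php
<?php
// Constructed sample data: an in-memory SQLite table standing in for the admin table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO admin (username, password_hash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Hypothetical helper: load every admin row with a constant query, then compare in PHP.
 * No request data is ever part of the SQL text, so there is nothing to inject into.
 */
function check_login(PDO $db, $username, $password): bool
{
    // Filter the input: reject non-strings (e.g. user[]=x) and oversized values.
    if (!is_string($username) || !is_string($password)
        || strlen($username) > 64 || strlen($password) > 1024) {
        return false;
    }
    // Constant SQL text; result is an array of [username => password_hash].
    $rows = $db->query('SELECT username, password_hash FROM admin')
               ->fetchAll(PDO::FETCH_KEY_PAIR);

    $ok = false;
    foreach ($rows as $name => $hash) {
        // hash_equals is a strict, timing-safe string comparison, unlike
        // array_search, which compares loosely unless its third argument is true.
        $nameMatches = hash_equals((string) $name, $username);
        // password_verify checks the submitted password against the stored hash.
        $passMatches = password_verify($password, $hash);
        if ($nameMatches && $passMatches) {
            $ok = true;
        }
    }
    return $ok;
}

// Constructed inputs: a valid login, a quote-laden username, and an array parameter.
var_dump(check_login($db, 'admin', 'correct horse'));
var_dump(check_login($db, "admin' OR '1'='1", 'x'));
var_dump(check_login($db, ['admin'], 'correct horse'));

// Escape on output: the submitted name is still untrusted when echoed back into the form.
$submitted = '"><b>x</b>'; // constructed input
echo '<input name="user" value="',
     htmlspecialchars($submitted, ENT_QUOTES, 'UTF-8'), '">', "\n";
```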