Monthly Archives: November 2011

PHP security tips

NEVER trust user input. Use the following validation methods for input.

<?php
// Escape both values before placing them inside quoted SQL string literals.
// The mysql_* functions need an open connection (mysql_connect) and were removed in PHP 7.0.
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);

// Query database to check if there are any matching users
$query = "SELECT * FROM users WHERE user='$username' AND password='$password'";
mysql_query($query);
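The same login check written with PDO prepared statements and hashed passwords, as an added example that is not code from the original post. The in-memory SQLite database, the `password_hash` column, the sample user and the `check_login` function name are assumptions made for illustration.

```php
<?php
// Added example: constructed schema and sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Store a salted hash of the password, never the password itself.
$insert = $pdo->prepare('INSERT INTO users (user, password_hash) VALUES (:user, :hash)');
$insert->execute([
    ':user' => 'alice',                                          // constructed sample user
    ':hash' => password_hash('correct horse', PASSWORD_DEFAULT), // constructed sample password
]);

// Hypothetical helper: returns true only for a known user with the right password.
function check_login(PDO $pdo, $username, $password): bool
{
    // Request parameters can arrive as arrays (username[]=x); accept strings only.
    if (!is_string($username) || !is_string($password)) {
        return false;
    }

    // The placeholder sends the value separately from the SQL text,
    // so quotes in $username are data and cannot change the query.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE user = :user');
    $stmt->execute([':user' => $username]);
    $hash = $stmt->fetchColumn(); // false when no row matches

    // The password is checked in PHP against the stored hash, not inside the SQL.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed inputs: a valid login, a quote-laden username, a wrong password.
var_dump(check_login($pdo, 'alice', 'correct horse'));
var_dump(check_login($pdo, "alice' OR '1'='1", 'x'));
var_dump(check_login($pdo, 'alice', 'wrong'));
```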
