> Your idea to use 'COUNT(Username)' is just about the ONLY part of that
> script that you are doing correctly...
>
> :-)

:D

> And the header("Location: ...") requires a full URL.

Why?

> And you should have better error-checking, probably.
> [Though maybe you have a custom error handler not apparent]

Right. I skipped that part to not "waste" space in post. $_POST values are checked first and then used.

> And your DB password should probably be a hash/crypted value.

Correct. I use this, of course.

> And it looks like maybe you are using register_globals "on" which is bad.

Nope! globals are off. :D

> Once again, start reading:
> http://phpsec.org/

I'm Shiflett's fan! :)

-afan

--
PHP General Mailing List (http://www.php.net/)