Ross wrote:
Thanks Colin. Think I will do both. I can timeout the session with PHP.Does adding mysql_real_escape_string make this secure to injection or should I be doing something else?if ($_POST['submitted']){
This should be
if ( isset($_POST['submitted']) ) {
This way it doesn't give you a PHP NOTICE:...
$username = mysql_real_escape_string( $_POST['username'] ); $pass = mysql_real_escape_string( $_POST['pass');
You forgot a closing bracket on that last $_POST['pass'....
$username = md5($username);
???Why md5 the $username?Makes it difficult to work on and display later on, unless you don't use it that way
Jim Lucas
$pass = md5($pass);$query = "SELECT username, pass FROM login where username='$username' AND pass ='$pass'";
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
