09-10-2006, 10:55 PM
borked
Totally Borked
Join Date: Feb 2005
Posts: 6,284
Quote:
Originally Posted by baycouples
If it would be simple - everybody would have one. But nobody does. Also, after 10 years of intense software development experience it took me 2 full days to get it done.

It took 2 full days to write a Perl script to check whether a table row exists?
In either case, live lookups are a bad idea - imagine if I wrote a script to try all the words in a dictionary in 1 second? I suspect a SQL core dump would be on the way... you can't control the number of times a user tries. At least with a POST process, you could say: "User nobody already exists. How about nobody123 etc etc"

Also, you may want to go back and sanitise some user input....
The username
' OR '1'='1
really exists???
__________________

For coding work - hit me up on andy // borkedcoder // com
(consider figuring out the email as test #1)



All models are wrong, but some are useful. George E.P. Box. p202
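Added example, not part of the original post and not either poster's code: the two problems raised above (input pasted into the SQL text, and no cap on how many lookups a client can make), shown in Python with sqlite3 rather than the Perl script under discussion. The table layout, function names and the limit values are assumptions made for illustration.

```python
import sqlite3
import time
from collections import defaultdict, deque

MAX_LOOKUPS = 5        # assumed cap per client per window
WINDOW_SECONDS = 60.0  # assumed window length

def make_db():
    """Constructed in-memory table standing in for the site's user table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY)")
    db.execute("INSERT INTO users VALUES ('nobody')")
    return db

def exists_concatenated(db, name):
    """The pattern the post warns about: input pasted into the SQL text."""
    sql = "SELECT 1 FROM users WHERE username = '" + name + "'"
    return db.execute(sql).fetchone() is not None

def exists_bound(db, name):
    """Same lookup with the input bound as a parameter, so it stays data."""
    sql = "SELECT 1 FROM users WHERE username = ?"
    return db.execute(sql, (name,)).fetchone() is not None

class LookupLimiter:
    """Sliding-window cap on lookups per client (e.g. per IP or session)."""
    def __init__(self, limit=MAX_LOOKUPS, window=WINDOW_SECONDS):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)

    def allow(self, client, now=None):
        now = time.monotonic() if now is None else now
        q = self.hits[client]
        while q and now - q[0] >= self.window:
            q.popleft()          # forget lookups that left the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def check_username(db, limiter, client, name, now=None):
    """Returns 'throttled', 'taken' or 'available'."""
    if not limiter.allow(client, now):
        return "throttled"
    return "taken" if exists_bound(db, name) else "available"
```

With the bound query the quoted string from the post is compared as a literal username and no longer "exists"; the limiter state here is per process, so a multi-process server would need shared storage for it.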