Quote:
|
Originally Posted by borked
It took 2 full days to write a Perl script to check whether a table row exists?
In either case, live lookups are a bad idea - imagine if I wrote a script to try all the words in a dictionary in 1 second? I suspect a SQL core dump would be on the way.... you can't control the number of times a user tries. At least with a POST process, you could say: "User nobody already exists. How about nobody123 etc etc"
Also, you may want to go back and sanitise some user input....
The username
' OR '1'='1
really exists???
|
ohhhh SQL injections! haha.. oh well for that 10 years of intense software dev.
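
Added example, not part of the original posts and not the script under discussion: a username-exists check built by string concatenation beside the same check with a bound placeholder, run against the username quoted above, plus a per-client cap on live lookups. It is written in Python with an in-memory SQLite database instead of the poster's Perl; the table, column, sample usernames and the `LookupLimiter` helper are assumptions made for illustration.

```python
import sqlite3
import time

# Constructed sample data: table name, column and usernames are assumptions.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO users VALUES (?)", [("nobody",), ("borked",)])
    return db

def exists_vulnerable(db, username):
    # Input is pasted into the SQL text, so quotes in it change the query.
    sql = "SELECT 1 FROM users WHERE username = '%s'" % username
    return db.execute(sql).fetchone() is not None

def exists_safe(db, username):
    # Placeholder binding: the input is only ever compared as a value.
    row = db.execute("SELECT 1 FROM users WHERE username = ?", (username,)).fetchone()
    return row is not None

class LookupLimiter:
    """Allow at most `limit` lookups per client within `window` seconds."""
    def __init__(self, limit=5, window=60.0):
        self.limit, self.window, self.hits = limit, window, {}

    def allow(self, client, now=None):
        now = time.monotonic() if now is None else now
        recent = [t for t in self.hits.get(client, []) if now - t < self.window]
        allowed = len(recent) < self.limit
        if allowed:
            recent.append(now)
        self.hits[client] = recent
        return allowed

def check_username(db, limiter, client, username, now=None):
    # Returns "throttled", "taken" or "free" for a live availability lookup.
    if not limiter.allow(client, now):
        return "throttled"
    return "taken" if exists_safe(db, username) else "free"

if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"   # the username quoted in the post
    print(exists_vulnerable(db, payload))  # True: WHERE clause matches every row
    print(exists_safe(db, payload))        # False: no such username
```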
