09-20-2010, 02:21 PM
Zyber
Confirmed User
 
Join Date: Aug 2001
Posts: 832

You can also move some of the logic to PHP instead of MySQL. For example, you can compare values in PHP arrays instead of sending them to MySQL.

SQL for authentication (unsafe)
Code:
SELECT 1 FROM users WHERE username='$username' AND password='$password'
The below is safer, as the user input is never sent to MySQL.

SQL to preload PHP array
Code:
SELECT username, password FROM users
Authentication in PHP
Code:
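// $passwords maps username => password, preloaded by the query above
$ok = isset($passwords[$username]) && $passwords[$username] === $password;
unset($passwords); // clear the preloaded credentials before returning
return $ok;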
This is just an example to give you the idea.

Last edited by Zyber; 09-20-2010 at 02:23 PM..
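The two checks from the post above, run side by side on the same inputs. This is an added example, not code from the post. It goes one step beyond the post by also showing a bound-parameter query, which likewise keeps input out of the SQL text. SQLite in memory stands in for MySQL, and the table rows, function names and inputs are constructed for illustration.

```php
<?php
// Added example. SQLite in memory stands in for MySQL; the rows and the
// function names are constructed. Plaintext passwords mirror the post's table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)");
$db->exec("INSERT INTO users VALUES ('alice', 'correct horse'), ('bob', 'hunter2')");

// The post's unsafe form: input is pasted into the SQL text, so a quote
// character in it is parsed as SQL syntax instead of data.
function checkConcatenated(PDO $db, string $username, string $password): string {
    $sql = "SELECT 1 FROM users WHERE username='$username' AND password='$password'";
    try {
        return $db->query($sql)->fetchColumn() ? 'match' : 'no match';
    } catch (PDOException $e) {
        return 'SQL error (input altered the statement)';
    }
}

// The post's approach: a fixed query with no input in it, comparison in PHP.
function checkPreloaded(PDO $db, string $username, string $password): string {
    $passwords = $db->query("SELECT username, password FROM users")
                    ->fetchAll(PDO::FETCH_KEY_PAIR);
    $ok = isset($passwords[$username]) && $passwords[$username] === $password;
    unset($passwords);
    return $ok ? 'match' : 'no match';
}

// Bound parameter: input travels separately from the SQL text, and only
// one row is read instead of the whole table.
function checkBound(PDO $db, string $username, string $password): string {
    $stmt = $db->prepare("SELECT password FROM users WHERE username = ?");
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();
    return ($stored !== false && $stored === $password) ? 'match' : 'no match';
}

// Constructed inputs: a valid login, a wrong password, a name containing a quote.
$cases = [['alice', 'correct horse'], ['alice', 'wrong'], ["o'brien", 'x']];
foreach ($cases as [$u, $p]) {
    printf("%-8s concatenated: %-40s preloaded: %-9s bound: %s\n",
        $u, checkConcatenated($db, $u, $p), checkPreloaded($db, $u, $p), checkBound($db, $u, $p));
}
```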