Cristian

Cristian: "Hello Mr. Jeff Skysak and Adam Tikacz! As you see i'm new here. I read this article about the PHP and MySQL Secure Login and it's very usefull, great tutuorial! But I have one question, I try to programming in PHP and MySQL and I don't understand something. It's correct what i'm sayng: Someone can save the 'View source' from a login form and change the data's for enter in your database more easyer. For example, he can change the 'or capturecritical('MySQL Query Error in XYZ.php, line 24', mysql_error(), $user, time()); ' with or die('Error '.mysql_error()); . And more important: he can extract the password of my MySQL database from the login file and use it to 'Let's have some data's (or destroy) :-)'. I understand that you can limit users to just using for example the SELECT statement, but in the case you must enter some data's in the database the account must have more permissions. And the hacker, can change also the limitation of user permission by rescript some code in the login file. My problem is how to repair this big security problems? Best regards, Christian (Sorry for my bad english)" to article Secure Website Login Programming with PHP & MySQL (07/12/2007)