How do you protect against SQL injections? Your method for checking a valid password is a bit convoluted and personally I'd rather let MySQL handle checking the password than go the way of bring back all of the user data and checking it in PHP.