TalkPHP - View Single Post

Karl · 10-28-2007, 01:24 PM

Surely that way is less secure than the usual SQL statement as you'll be transmitting the password as clear text, whereas usually you'd md5 it in PHP and send it encrypted.

You're also repeating $szUsername in your sprintf arguments, tut tut :P

Seriously though, I don't understand how that method is more secure than the standard approach (assuming you filter and escape data correctly, of course)? Just seems like more work for the same outcome.

10-28-2007, 01:24 PM	#5 (permalink)
Karl The Reckoner Join Date: Sep 2007 Posts: 437 Thanks: 22	Surely that way is less secure than the usual SQL statement as you'll be transmitting the password as clear text, whereas usually you'd md5 it in PHP and send it encrypted. You're also repeating $szUsername in your sprintf arguments, tut tut :P Seriously though, I don't understand how that method is more secure than the standard approach (assuming you filter and escape data correctly, of course)? Just seems like more work for the same outcome. __________________ Any fool can write code that a computer can understand. Good programmers write code that humans can understand.