Login security
#1

[eluser]rkitkonsult[/eluser]
Hi,
I have a problem that is probably easy to fix for all of you... Please help me out, I'm not that good at this yet...

When a user logs in I want to check that the username or password wasn't an SQL injection attempt or something like that. How do I do this?

This is an example of my thoughts:

//Clean username
$post_username = $this->input->post('username');
$xss_username = $this->input->xss_clean($post_username);
$clean_username = $this->db->escape($xss_username);

//Clean password
$post_password = $this->input->post('password');
$xss_password = $this->input->xss_clean($post_password);
$clean_password = $this->db->escape($xss_password);
$hashed_password = dohash($clean_password);

//Check if match in database
$this->db->select('Username, Password');
$this->db->where('Username', $clean_username);
$this->db->where('Password', $hashed_password);
$query = $this->db->get('Users');

This doesn't work! It's the 'cleaning' parts that give me trouble... What am I doing wrong?
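
An added example, not part of the original post and not CodeIgniter's own code: in CodeIgniter, `$this->db->escape()` wraps a string in single quotes and the Active Record `where()` escapes its values again, so the posted code looks up a quoted username and hashes a quoted password. The code below reproduces that double escaping next to the escape-once alternative. It assumes PDO with in-memory SQLite in place of CodeIgniter's database class and `password_hash()`/`password_verify()` in place of `dohash()`; the table contents and the `check_login` helper are constructed for illustration.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for CodeIgniter's database layer.
// The table, user name and password below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Users (Username TEXT PRIMARY KEY, Password TEXT NOT NULL)');

$insert = $pdo->prepare('INSERT INTO Users (Username, Password) VALUES (?, ?)');
$insert->execute(['alice', password_hash('s3cret!', PASSWORD_DEFAULT)]);

/** Hypothetical helper: look up the user with a bound parameter, then verify the hash. */
function check_login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT Password FROM Users WHERE Username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    // fetchColumn() returns false when no row matched.
    return $hash !== false && password_verify($password, $hash);
}

// Pattern from the post: quote the value by hand, then pass it to an API that
// escapes again. The lookup now searches for the literal string 'alice'
// including the quote characters, and the password is checked with quotes too.
$broken = check_login($pdo, $pdo->quote('alice'), $pdo->quote('s3cret!'));

// Raw input, escaped exactly once by the parameter binding.
$ok = check_login($pdo, 'alice', 's3cret!');

// A username containing SQL syntax is treated as data and matches no row.
$injected = check_login($pdo, "alice' OR '1'='1", 's3cret!');

var_dump($broken, $ok, $injected);
```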

