Anyone out there that has ever written a login script needs to go read <A href="http://www.phpkitchen.com/article.php?story=20030406040302866>this new posting on phpKitchen.com right now.

When writing a login script, there's always the chance that you'll get one of those malicious users out there that thinks it's their duty to test the integrity of your site's login. In this piece, they mention some steps you can take to ensure they don't get very far. With suggestions like: "never pass unverified data from a webform to your database" and "if you're using MySQL use either mysql_escape_string or mysql_real_escape_string to escape a string for use in mysql_query".

There's all sorts of ways that people can use and abouse your site and convince it to give up some data that it doesn't need to, but this is a step in the right direction. There's a few other comments/suggestions they have there, so be sure to check it out and help secure your site's login.