Login with some security

[Darkness Soul]

Hi,

I've reading some references about mysql, but unlucky..

I've been develop a login system, this login is a form that call a page "action.php" where the validation is executed..

The system work wells, but, i like to know about the securit.. my select is like it:

[code]$sql = ' SELECT * FROM tbUsers WHERE login="'. $login .'" AND pass="'. $pass .'" ';[/code]
is this the best security form to use a login system? please, if its securyless, i want some help..

Thanks folks,

Soul

[fenway]

I'm not sure what you mean by security -- I'd be more concerned about how you're sending the passcode itself.

[Darkness Soul]

[!--quoteo(post=358889:date=Mar 27 2006, 11:20 AM:name=fenway)--][div class=\'quotetop\']QUOTE(fenway @ Mar 27 2006, 11:20 AM) [snapback]358889[/snapback][/div][div class=\'quotemain\'][!--quotec--]
I'm not sure what you mean by security -- I'd be more concerned about how you're sending the passcode itself.
[/quote]

Someone told me that my sql isnt secure, someone can use it as a vulnerability...

[fenway]

Well, provided you protect against injection attacks, your queries/scripts are only as secure as your connection itself.

[shoz]

Read through this [a href=\"http://phpsec.org/projects/guide/\" target=\"_blank\"]security guide[/a], in particular the SQL INJECTION topic and look at the php function [a href=\"http://www.php.net/mysql_real_escape_string\" target=\"_blank\"]mysql_real_escape_string[/a].