User Name Password Register
DaniWeb IT Discussion Community
Home
Forums
Tutorials
Code Snippets
Blogs
Link Directory
All
What is DaniWeb IT Discussion Community?
You're currently browsing the PHP section within the Web Development category of DaniWeb, a massive community of 428,363 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 3,454 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.
Join our community!
Please support our PHP advertiser: Lunarpages PHP Web Hosting

PHP Split function

Join Date: May 2008
Posts: 31
Reputation: rgviza is an unknown quantity at this point 
Rep Power: 1
Solved Threads: 5
rgviza rgviza is offline Offline
Light Poster

Re: PHP Split function

  #5  
May 16th, 2008
forgot to mention the security and language compatibility benefit... \w will match non-english characters if locale is set (usually with a language pulldown)

The security benefit is such a login check immunizes you against sql and XSS injection on your login form field by locking in the allowable patterns and size. The approach of the OP was a good one even if he needed a little help with details...

If you use php to hash the user password input instead of mysql's password function, you break sql injection on the password, since you will match passwords on the hashed value, not plain text in the query using mysql's password() function. An injection attempt will just get gobbled. You also avoid sending a plaintext password over your network if the mysqld is on another server.

-Viz
Reply With Quote  
Advertising Opportunities on DaniWeb
Contact Us - Newsletter Archive - Sitemap - Privacy Statement
All times are GMT -4. The time now is 6:50 am.
Forum system based on vBulletin Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
©2003 - 2008 DaniWeb® LLC