Hi,
just two more little things for correctness.
1. You should not save user input ($_POST) directly into the database.
1.
$_POST
See: php.net/manual/en/security.databas... And: php.net/manual/en/mysqli.prepare.php
2. You save the user password also directly into the database, instead you should use php's inbuilt functions password_hash() and password_verify().
2.
password_hash()
password_verify()
See: php.net/manual/en/function.passwor... And: php.net/manual/en/function.passwor...
Have a nice day :)
Simon
Thanks so much for the guidance this will go along way
Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment's permalink.
Hide child comments as well
Confirm
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Hi,
just two more little things for correctness.
1.
You should not save user input ($_POST
) directly into the database.See: php.net/manual/en/security.databas...
And: php.net/manual/en/mysqli.prepare.php
2.
You save the user password also directly into the database, instead you should use php's inbuilt functionspassword_hash()
andpassword_verify()
.See: php.net/manual/en/function.passwor...
And: php.net/manual/en/function.passwor...
Have a nice day :)
Simon
Thanks so much for the guidance this will go along way