Thanks Colin.
Think I will do both. I can timeout the session with PHP.
Does adding mysql_real_escape_string make this secure to injection or should
I be doing something else?
if ($_POST['submitted']){
$username = mysql_real_escape_string( $_POST['username'] );
$pass = mysql_real_escape_string( $_POST['pass');
$username = md5($username);
$pass = md5($pass);
$query = "SELECT username, pass FROM login where username='$username' AND
pass ='$pass'";
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
