I've tried to write a function which will go through the security steps needed for login/register fields on a form. It will be placed in an include file and only called on those two pages. This is what I've come up with.
PHP Code:
$username = spray_text_inputs($_POST['username']);
$password = spray_text_inputs($_POST['password']);
// function for stopping basic hacking.
function spray_text_inputs ()
{
    $username = htmlspecialchars($username);
    $password = htmlspecialchars($password);
    //MySQL injection protection
    $username = stripslashes("" "");
    $password = stripslashes("" "");
    $username = mysql_real_escape_string("" "");
    $password = mysql_real_escape_string("" "");
    //these two I'm quite sure are being used wrong.
    $username = htmlentities($username, ENT_QUOTES, 'UTF-8');
    $password = htmlentities($password, ENT_QUOTES, 'UTF-8');
}
Is this a good idea? I'm quite sure it's wrong, and as you can see I have asked many questions in my comments. I have left the brackets empty with double double quotes because I'm not sure what to write in there: either the variable or the value of the field in the HTML file?
I thought of putting them in an array and looping through each one and moving onto the next one using if statements but that might cause more code than needed.
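For comparison with the function in the post, here is an added example (not the poster's code) that handles the same two fields by context instead of running every filter on input: bound parameters for the SQL query, a password hash for storage, and HTML encoding only at output. It assumes the PDO SQLite driver is available; the in-memory database, the `users` table, the function names and the sample input are all hypothetical stand-ins.

```php
<?php
declare(strict_types=1);

// Assumption: an in-memory SQLite database stands in for the real MySQL server
// so the example runs offline; the table and column names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Storage: the raw values reach the database as bound parameters, so no
// stripslashes()/escaping step is needed; the password is stored only as a hash.
function register_user(PDO $pdo, string $username, string $password): bool
{
    if ($username === '' || strlen($username) > 64 || $password === '') {
        return false; // reject bad input instead of silently altering it
    }
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    try {
        return $stmt->execute([':u' => $username, ':h' => password_hash($password, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        return false; // e.g. the username is already taken
    }
}

function check_login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn(); // false when no such user exists
    return is_string($hash) && password_verify($password, $hash);
}

// Output: HTML-encode only at the point where a value is written into a page.
function greeting_html(string $username): string
{
    return '<p>Welcome, ' . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . '</p>';
}

// Constructed sample input standing in for $_POST['username'] / $_POST['password'].
$post = ['username' => "o'brien <b>", 'password' => 'pa"ss\\word & more'];

var_dump(register_user($pdo, $post['username'], $post['password']));
var_dump(check_login($pdo, $post['username'], $post['password']));
var_dump(check_login($pdo, "' OR '1'='1", 'anything'));
echo greeting_html($post['username']), "\n";
```

The password is never HTML-encoded or unslashed before hashing, so the stored hash matches exactly what the user typed.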