Improving Login Form security

[ot]Ah! I totally forgot about that, and that thing was riddled with grammar errors. (Now fixed.) I also thought that everyone forgot about that, since the domain change was fairly abrupt.

I also came back to edit my post, since it came off a little harsh. Sorry, hexburner. Can’t fix that now.[/ot]

Heh, yep it’s a great resource.

The plan now is to survey all my existing sites, try to plug some holes and then monitor my access/error logs on a daily basis. Good times! :)

If you’re going to be rewriting significant tracts of code anyway, could I suggest moving away from the mysql extension, and toward MySQLi or PDO, which allow prepared statements, and thus require zero escaping of code?
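
The switch suggested in the last post, shown as an added example that is not part of the thread: a login lookup using a PDO prepared statement. The table layout, the `check_login` helper, the sample user and the in-memory SQLite DSN (chosen so it runs without a database server) are assumptions.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite so the example runs offline. For MySQL, use a
// DSN such as 'mysql:host=...;dbname=...;charset=utf8mb4' and also set
// PDO::ATTR_EMULATE_PREPARES => false so binding happens on the server.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);

// Constructed sample table and user (hypothetical schema).
$pdo->exec(
    'CREATE TABLE users (
        id INTEGER PRIMARY KEY,
        username TEXT UNIQUE NOT NULL,
        password_hash TEXT NOT NULL
    )'
);
$insert = $pdo->prepare(
    'INSERT INTO users (username, password_hash) VALUES (:u, :h)'
);
$insert->execute([
    ':u' => 'alice',
    ':h' => password_hash('correct horse', PASSWORD_DEFAULT),
]);

/** Returns the user id when the credentials match, null otherwise. */
function check_login(PDO $pdo, string $username, string $password): ?int
{
    // The SQL text is fixed; user input travels only as a bound value,
    // so no manual escaping is involved.
    $stmt = $pdo->prepare(
        'SELECT id, password_hash FROM users WHERE username = :u'
    );
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch();

    // Same result for an unknown user and for a wrong password.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

var_dump(check_login($pdo, 'alice', 'correct horse'));  // valid credentials
var_dump(check_login($pdo, 'alice', 'wrong'));          // wrong password
var_dump(check_login($pdo, "' OR '1'='1", 'anything')); // quotes arrive as data
```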