Login

PHP код:



$_GET['User'] = mysql_real_escape_string($_GET['User']); //Prevent any SQL Injections.

This is wrong, hackers can easily implement XSS/CSRF attack into the input.

PHP код:



function Escape($string)

{

      $string = htmlentities($string);

      $string = stripslashes($string);

      $string = mysql_real_escape_string($string);

      return $string;

}

PHP код:



while($data = mysql_fetch_array($result)) // Make $data an array of the query you just executed.

{

    echo "<tr>

    <td>".$data['Username']"</td>

    <td>".$data['Money']."</td>

    </tr>";

}

PHP код:



mysql_free_result($result);//Forgot to free the result ?

PS: This tutorial is full of security holes.

Login
Username:
Password:	Lost Password?
	Remember me