SQL INJection
#7

Are you sure that is the actual problem and not some "hole" in your script? Like not resetting variables or many other different reasons.

1. If you did not hash the passwords (+ add a salt for extra security), that is your problem - you shouldn't save passwords as plain text.
2-3. Integers and floats do not matter; only strings should be escaped.
4. Not sure what exactly you mean.

Other than that, you should restrict the query access of the user you are connecting to SQL with, not allowing DROP and such unless the user is root (you shouldn't connect with root in mysql_connect/db_connect).
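The three measures from the reply above in one place, as an added example that is not part of the thread: salted password hashing, string input kept out of the SQL text, and a connection that cannot DROP. It is Python with SQLite rather than the script under discussion; it uses bound parameters in place of manual escaping and an SQLite authorizer in place of MySQL user privileges, and the `accounts` table, the work factor and all function names are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 200_000  # assumed work factor for this example

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is generated per account."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def deny_drop(action, arg1, arg2, db_name, source):
    """Authorizer: the application connection may not drop tables."""
    if action == sqlite3.SQLITE_DROP_TABLE:
        return sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_OK

def open_app_db():
    """Create the (hypothetical) schema first, then lock the connection down."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (name TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
    db.set_authorizer(deny_drop)
    return db

def register(db, name, password):
    salt, digest = hash_password(password)
    # Bound parameters: `name` is passed as data and never parsed as SQL text.
    db.execute("INSERT INTO accounts VALUES (?, ?, ?)", (name, salt, digest))

def login(db, name, password):
    row = db.execute("SELECT salt, pw FROM accounts WHERE name = ?", (name,)).fetchone()
    if row is None:
        return False
    _, digest = hash_password(password, row[0])
    # Constant-time comparison of the stored and recomputed digests.
    return hmac.compare_digest(digest, row[1])

def can_drop(db):
    """True only if this connection is still allowed to drop the table."""
    try:
        db.execute("DROP TABLE accounts")
        return True
    except sqlite3.DatabaseError:
        return False
```

On a MySQL server the equivalent of the authorizer is a dedicated account that has not been granted DROP, used in place of root.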


Messages In This Thread
SQL INJection - by Nin9r - 03.06.2016, 22:58
Re: SQL INJection - by SickAttack - 03.06.2016, 23:04
Re: SQL INJection - by Nin9r - 05.06.2016, 09:53
Re: SQL INJection - by Spmn - 05.06.2016, 10:46
Re: SQL INJection - by Konstantinos - 05.06.2016, 10:54
Re: SQL INJection - by Nin9r - 05.06.2016, 11:10
Re: SQL INJection - by Konstantinos - 05.06.2016, 11:19
Re: SQL INJection - by Nin9r - 05.06.2016, 11:22
Re: SQL INJection - by Noris - 05.06.2016, 15:09
Re: SQL INJection - by Nin9r - 05.06.2016, 15:24
