Quote:
Originally Posted by Piotrek
I've read that $_GET table is rather not recommended for the reason the variables and values are also passed to the script in the url so they may be hacked the same way you described, right?
|
They're not recommended for logins, but for other parts of the script they are OK.
Logins are best managed by $_COOKIE and checking the data against the user database (username and the hashed password).