Quote:
Originally Posted by kmote  Good tutorials there but it looks like login.php is vulnerable to SQL injection. |
As it is only a basic tutorial, I didn't do much with security. However, mysql_escape_strings will pretty much eliminate SQL injection, by escaping any illegal characters. If you wanted to take it a bit further, you could use some regex to custom filter the data before you do any queries.