I've seen this code generated by DW CS3 to authenticate a user,
and I'm surprised that nothing is done to prevent code injection:
replacing ' with '' and that sort of thing.
Is it safe?
PHP code:
MM_loginSQL = "SELECT *"
If MM_fldUserAuthorization <> "" Then MM_loginSQL = MM_loginSQL & "," & MM_fldUserAuthorization
MM_loginSQL = MM_loginSQL & " FROM usuarios WHERE [User] = ? AND pass = ?"
Set MM_rsUser_cmd = Server.CreateObject ("ADODB.Command")
MM_rsUser_cmd.ActiveConnection = MM_AR_STRING
MM_rsUser_cmd.CommandText = MM_loginSQL
MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param1", 200, 1, 255, MM_valUsername) ' adVarChar
MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param2", 200, 1, 255, Request.Form("contraseña")) ' adVarChar
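
The following is an added example, not part of the original post or of Dreamweaver's output: it runs the same `WHERE [User] = ? AND pass = ?` statement with bound parameters, using Python's `sqlite3` as a stand-in for `ADODB.Command`, to show how quote-bearing input is treated and what happens if quote doubling is applied on top of binding. The sample rows and the function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data; table and column names mirror the query in the post.
ROWS = [("admin", "s3cret"), ("o'brien", "pa'ss")]

# Same statement shape as MM_loginSQL: the values are placeholders, not text.
LOGIN_SQL = "SELECT [User] FROM usuarios WHERE [User] = ? AND pass = ?"


def make_db():
    """Build an in-memory table standing in for the real usuarios table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE usuarios ([User] TEXT, pass TEXT)")
    conn.executemany("INSERT INTO usuarios VALUES (?, ?)", ROWS)
    return conn


def login_bound(conn, user, password):
    """Values travel separately from the SQL text, as with CreateParameter."""
    row = conn.execute(LOGIN_SQL, (user, password)).fetchone()
    return row[0] if row else None


def login_bound_and_escaped(conn, user, password):
    """Anti-pattern: doubling quotes before binding changes the data itself."""
    def esc(value):
        return value.replace("'", "''")
    return login_bound(conn, esc(user), esc(password))


def demo():
    conn = make_db()
    return {
        "valid": login_bound(conn, "admin", "s3cret"),
        # A legitimate apostrophe needs no escaping when it is bound.
        "apostrophe": login_bound(conn, "o'brien", "pa'ss"),
        # Constructed quote-bearing input: compared as a literal string only.
        "quote_input": login_bound(conn, "admin", "x' OR '1'='1"),
        # Escaping plus binding makes a correct login fail.
        "double_escaped": login_bound_and_escaped(conn, "o'brien", "pa'ss"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```
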