Looking for Good-Tutorials Moderators
Apr 10, 2009 — 19 comments
The basic conclusion of this tutorial is to wrap the variables that you are passing to a query with mysql_real_escape_string(). Even then, I've read stuff saying that mysql_real_escape_string() isn't 100% secure. There's other stuff you can do to filter strings and such. There's talk about using stored procedures, but I've seen where stored procedures can be overkill and end up slowing the query down.
It's an OK tutorial, but it's lacking some stuff.
1.) It needs to use the new link argument of mysql_connect so it can do multiple database connections.
2.) It needs a Query method so you can just use hand written queries.
3.) Typos in the tutorial, i.e. "<?php;"
4.) Some really simple and basic optimizations are missing, i.e. $i++ should be ++$i, and the use of count() inside the arguments of a for loop is slow. Output the count to a variable and use that in the argument.
5.) Might want to do it as an interface. http://www.developer.com/lang/php/article.php/3604111
Pretty good. I've been working on a class system for this. http://www.webdeveloper.com/forum/showthread.php?t=157676
Ok - this is the super basic way of setting a session, but here's a more secure way. I have even more secure session stuff for login stuff that deals with salts.
session_start(); // Start the session
// Simple protection against session attacks.
if (!isset($_SESSION['secured'])) {
    session_regenerate_id();
    $_SESSION['secured'] = 1;
}
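A fuller version of the session check in the comment above, as an added example that is not part of the original comment or the tutorial it refers to. The function names, the 'rotated_at' key and the 15-minute rotation interval are assumptions made for illustration, and the cookie settings assume PHP 7.3 or later on an HTTPS site.

```php
<?php
// Added example. start_hardened_session(), on_login_success() and the
// 'rotated_at' key are hypothetical names, not from the original comment.

const ROTATE_AFTER_SECONDS = 900; // assumed rotation interval (15 minutes)

function start_hardened_session(): void
{
    // Refuse session IDs the server did not issue itself.
    ini_set('session.use_strict_mode', '1');
    // Take the session ID from the cookie only, never from the URL.
    ini_set('session.use_only_cookies', '1');

    // Array form of session_set_cookie_params() requires PHP 7.3+.
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // assumes the site is served over HTTPS
        'httponly' => true,   // keep the cookie away from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();

    $now = time();
    if (!isset($_SESSION['secured'])) {
        // First request on this session: replace whatever ID the client
        // presented and delete the old session data.
        session_regenerate_id(true);
        $_SESSION['secured'] = 1;
        $_SESSION['rotated_at'] = $now;
    } elseif ($now - ($_SESSION['rotated_at'] ?? 0) > ROTATE_AFTER_SECONDS) {
        // Periodic rotation limits how long a leaked ID stays valid.
        session_regenerate_id(true);
        $_SESSION['rotated_at'] = $now;
    }
}

function on_login_success(int $userId): void
{
    // Privilege change: always issue a new ID so an ID fixed before
    // login never becomes an authenticated one.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
    $_SESSION['rotated_at'] = time();
}

start_hardened_session();
```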
I think this is the first tutorial I've seen that actually works with Open ID and makes sense. There are typos in the code that is shown on the page, so download the files. Of course there wasn't any MySQL integration, so the title isn't 100% correct.