Code Review


replaced http://security.stackexchange.com/ with https://security.stackexchange.com/

Your home-brewed security hashes and such are a big NO. Please check here and here for a good read regarding that. Also, please do not hash a hash, that can lead to collisions and should be avoided! Using a method such as password_hash() creates a salt for you, therefore you shouldn't have to make one on your own.

You're using mysql_real_escape_string() which is not the way to go. If possible, move away from that and onto mysqli or PDO.

And then your function htent() is sort of redundant. You don't have anything else in the function, so it shouldn't be needed.

Alex L
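
The following sketch puts the answer's two recommendations together: password_hash() in place of a home-brewed salted hash, and PDO prepared statements in place of mysql_real_escape_string(). It is an added example, not code from the original question or answer; the `users` table, its columns, the `register()` and `login()` helpers and the in-memory SQLite database (which needs the pdo_sqlite extension) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed demo database: in-memory SQLite, hypothetical schema.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

// Hypothetical helper: create an account.
function register(PDO $pdo, string $name, string $password): void
{
    // password_hash() picks a random salt and stores it, together with the
    // algorithm and cost, inside the returned string. No separate salt column.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Bound parameters keep user input out of the SQL text entirely.
    $stmt = $pdo->prepare('INSERT INTO users (name, pw_hash) VALUES (:name, :hash)');
    $stmt->execute([':name' => $name, ':hash' => $hash]);
}

// Hypothetical helper: check a login attempt.
function login(PDO $pdo, string $name, string $password): bool
{
    $stmt = $pdo->prepare('SELECT pw_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn();          // false when no such user
    if ($hash === false || !password_verify($password, $hash)) {
        return false;
    }
    // Upgrade the stored hash when PHP's default algorithm or cost changes.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET pw_hash = :hash WHERE name = :name');
        $upd->execute([':hash' => password_hash($password, PASSWORD_DEFAULT),
                       ':name' => $name]);
    }
    return true;
}

// Constructed sample input: a name containing a quote, which needs no escaping here.
register($pdo, "o'brien", 'correct horse battery staple');
var_dump(login($pdo, "o'brien", 'correct horse battery staple'));
var_dump(login($pdo, "o'brien", 'wrong password'));
// A quote-laden name is treated as a plain (non-existent) user name.
var_dump(login($pdo, "' OR '1'='1", 'anything'));
```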