Well, let's see:

- You're using PDO and prepared statements, no risk of SQL injection there. Great!
- Your PDO code may throw an Exception (specifically, a `PDOException`) at any time, so the whole database code block should be kept inside of the `try/catch` block.
- `crypt` on its own isn't 100% secure. See this question for more details.
- Database credentials are not constant. They can change over time, and you may want to change the server, change the user, add an additional database etc. in the near/far future. The solution is to use functions (or better yet, classes) and pass the credentials as variables, rather than applying them as app-wide constants.
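The points in the answer above, put together as an added example (not the reviewed code and not the answerer's): credentials are passed in rather than defined as app-wide constants, every PDO call sits inside one `try/catch`, and bare `crypt()` is replaced by `password_hash()`/`password_verify()`. The class name, the `users` table layout and the DSN are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Hypothetical class for the example: credentials arrive as a parameter, not as define()d constants.
final class UserStore
{
    private PDO $db;

    /** @param array{dsn:string,user:string,pass:string} $creds */
    public function __construct(array $creds)
    {
        // Make PDO throw a PDOException on every failure, so a single try/catch covers all of it.
        $this->db = new PDO($creds['dsn'], $creds['user'], $creds['pass'], [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,
        ]);
    }

    public function register(string $username, string $password): void
    {
        // password_hash() picks a salted, slow algorithm; assumed here as the replacement for bare crypt().
        $hash = password_hash($password, PASSWORD_DEFAULT);
        $stmt = $this->db->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
        $stmt->execute([':u' => $username, ':h' => $hash]);
    }

    public function verify(string $username, string $password): bool
    {
        $stmt = $this->db->prepare('SELECT password_hash FROM users WHERE username = :u');
        $stmt->execute([':u' => $username]);
        $hash = $stmt->fetchColumn();
        return $hash !== false && password_verify($password, $hash);
    }
}

// Constructed, placeholder credentials: in real use load them from a config file or the environment.
$creds = [
    'dsn'  => 'mysql:host=db.example.internal;dbname=app;charset=utf8mb4',
    'user' => 'app_user',
    'pass' => 'CHANGE_ME',
];

try {
    // The whole database block lives inside try/catch, because any PDO call may throw.
    $store = new UserStore($creds);
    $store->register('alice', 'correct horse battery staple');
    var_dump($store->verify('alice', 'correct horse battery staple'));
} catch (PDOException $e) {
    // Log the detail server-side; show the user a generic message rather than $e->getMessage().
    error_log('Database error: ' . $e->getMessage());
    echo 'Something went wrong, please try again later.';
}
```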