How would i prevent people seeing the password and login detail within a php script.
Also how best to prevent against php injection?
snippet of my script is as follows -
<?php
$con = mysql_connect("localhost", "root", "");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
$db_selected = mysql_select_db("btg", $con);
$date1 = "";
$date2 = "";
$date1 = mysql_real_escape_string($date1);
$date2 = mysql_real_escape_string($date2);
if (isset($_POST['Submit']))
{
$date1 = date('Y-m-d', mktime(0,0,0,$_POST['startmonth'],$_POST['startday'],$_POST['startyear']));
$date2 = date('Y-m-d', mktime(0,0,0,$_POST['endmonth'],$_POST['endday'],$_POST['endyear']));
}
$sql = ("SELECT * FROM users
WHERE corrispondance BETWEEN '$date1' AND '$date2'");
$result = mysql_query($sql,$con);
$num=mysql_num_rows($result);
?>
