What are the potential security risks associated with using the provided login script in PHP?

The provided login script is vulnerable to SQL injection attacks as it directly concatenates user input into the SQL query. To mitigate this risk, you should use prepared statements with parameterized queries to securely handle user input.

// Secure login script using prepared statements
$stmt = $pdo-&gt;prepare(&#039;SELECT * FROM users WHERE username = :username AND password = :password&#039;);
$stmt-&gt;execute([&#039;username&#039; =&gt; $username, &#039;password&#039; =&gt; $password]);

if($stmt-&gt;rowCount() &gt; 0) {
    // User authenticated
} else {
    // Invalid credentials
}

Keywords

SQL injection Cross-site scripting (XSS) Session hijacking Password hashing Input validation

What are the potential security risks associated with using the provided login script in PHP?

Keywords

Related Questions