bro... when i seen u put the select code into the sql this whole php came to me. Thanks a lot... now that i seen that... im going to make my site to where when u go to it... u gotta log into any of the pages :) but just like with any programming language, the possiblyities are endless. fuk my english lol.

Oh wow that helped me so much to understand whats SQL and how to use it :) THANKS!!!

Yeah this is what I mean. At 00:38. Do you have a video that goes through you creating that script?

@IceyArtist Sort of, I have one on a user account system.

admin'># works too

inpiut rofl!!

"well u dont need to use this function, (cause its not fucking working right noi) haha

@ 11:00 etc. thats pretty much what I do

made a function to check for magic quotes if its on use stripslashes and real escape, if its off realescape.

@ti07shadow then your strings should be safe :D

"stripslashes($inpiut)" <-- =p

@RawRzCopteR wondered how long it would take for someone to point that out....

typos are your downfall lol...

@RawRzCopteR I get it right in the end :)

@betterphp except in this video LOL

@RawRzCopteR Correction: I get it right in the end when the code is actually used.

tyvid this tutorial then although I have used mres I have still left the door ajar for some nasty code, I have

$query = mysql_query ("SELECT * FROM login WHERE username='$username'");

I am assuming I need to do something there as well to prevent inj?

@dashby1969 You would have to apply the mres() function to the $username variable, then you should be okay.

so if you encrypt using md5 then again you dont need mysql_real_escape_string ()?

Which is better md5 or sha1 or is that just down to choice?