password_hash() handles salting and algorithm selection for you. It is built into PHP, so just use it and don't try to hash and salt by hand. Bcrypt output is drawn from a fixed, limited character set (./, A-Z, a-z, 0-9 and $), so it cannot break out of an SQL string literal, but store it through a prepared statement anyway rather than by string concatenation. If you need to force fixed settings
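The whole round trip in code, as an added example rather than code from the original post: hash with pinned settings, store and look up through prepared statements, verify, and rehash transparently when the settings change. It uses an in-memory SQLite database via PDO so it runs stand-alone; the users table, its column names and the cost of 12 are assumptions.

```php
<?php
// Added example (not the post's own code): hash, store, verify and rehash
// passwords with PHP's built-in functions. Storage is an in-memory SQLite
// database so the script runs stand-alone; the users table and its column
// names are assumptions.
declare(strict_types=1);

// Pinned settings (the "force fixed settings" case). PASSWORD_DEFAULT is
// bcrypt in current PHP; cost 12 is an assumed value, tune it to your CPU.
const PW_ALGO    = PASSWORD_DEFAULT;
const PW_OPTIONS = ['cost' => 12];

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

function registerUser(PDO $pdo, string $username, string $password): void
{
    // A random salt is generated and embedded in the returned string, so the
    // hash is the only thing that needs storing. Note bcrypt only uses the
    // first 72 bytes of the password.
    $hash = password_hash($password, PW_ALGO, PW_OPTIONS);
    // Bcrypt output is drawn from ./A-Za-z0-9$ and cannot terminate an SQL
    // string literal, but bind it anyway: prepared statements are the habit
    // that also keeps the attacker-controlled username out of the query.
    $stmt = $pdo->prepare('INSERT INTO users (username, pw_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => $hash]);
}

function checkLogin(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT pw_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $stored = $stmt->fetchColumn();

    if ($stored === false) {
        // Unknown user: still run one verification against a throwaway hash
        // so the response time does not reveal which usernames exist.
        static $dummy = null;
        $dummy ??= password_hash(bin2hex(random_bytes(16)), PW_ALGO, PW_OPTIONS);
        password_verify($password, $dummy);
        return false;
    }

    if (!password_verify($password, $stored)) {
        return false;
    }

    // Transparent upgrade: if PW_ALGO or PW_OPTIONS changed since this hash
    // was made, rehash now while the plaintext is available.
    if (password_needs_rehash($stored, PW_ALGO, PW_OPTIONS)) {
        $stmt = $pdo->prepare('UPDATE users SET pw_hash = :h WHERE username = :u');
        $stmt->execute([':h' => password_hash($password, PW_ALGO, PW_OPTIONS), ':u' => $username]);
    }
    return true;
}

registerUser($pdo, 'alice', 'correct horse battery staple');
var_dump(checkLogin($pdo, 'alice', 'correct horse battery staple'));
var_dump(checkLogin($pdo, 'alice', 'wrong password'));
var_dump(checkLogin($pdo, 'nobody', 'anything'));
```

Run it from the command line with php; the three var_dump lines print the result of a correct password, a wrong password and an unknown user. The dummy verify on the unknown-user path is what keeps that case from returning noticeably faster than a real failed login.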
Category: Security
Simple Site Log In Form
In the head of each page add this. Note: this must run before any HTTP headers are sent (i.e. in PHP code, before any HTML output). Use this as the log in page. Use this as an optional log out page.
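As an added example (not the post's own snippets, which are not reproduced on this page), the three pieces a simple site login needs as one include file: a guard for the head of each protected page, the call the log in page makes once the credentials check out, and the optional log out page. The file names, URLs and the credentialsValid() helper in the sketch are assumptions.

```php
<?php
// Added example, not the post's own code: session gate, login and logout
// helpers for a simple site. requireLogin() goes at the top of every
// protected page; the login and logout pages call establishSession() and
// logout(). The URLs and the credentialsValid() helper are assumptions.
declare(strict_types=1);

function startSecureSession(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // Cookie flags must be set before session_start() emits Set-Cookie.
    session_set_cookie_params([
        'httponly' => true,   // not readable from JavaScript
        'secure'   => true,   // only sent over HTTPS
        'samesite' => 'Lax',  // not sent on cross-site POST requests
    ]);
    session_start();
}

// Put this before any output (including whitespace before <?php) on every
// page that needs a logged-in user: session_start() and header() both send
// HTTP headers, which PHP cannot do once the response body has begun.
function requireLogin(string $loginUrl = '/login.php'): void
{
    startSecureSession();
    if (!isset($_SESSION['user'])) {
        header('Location: ' . $loginUrl, true, 302);
        exit;
    }
}

// Call after the credentials have been checked (e.g. with password_verify()
// against the stored hash). Regenerating the id discards whatever session id
// the browser held before login, which blocks session fixation.
function establishSession(string $username): void
{
    startSecureSession();
    session_regenerate_id(true);
    $_SESSION['user']       = $username;
    $_SESSION['login_time'] = time();
}

// Optional logout page: clear server-side state, expire the cookie, and
// send the browser back to the login page.
function logout(string $loginUrl = '/login.php'): void
{
    startSecureSession();
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();
    header('Location: ' . $loginUrl, true, 302);
    exit;
}

// Sketch of login.php using these helpers (credentialsValid() is assumed to
// look up the user and run password_verify() against the stored hash):
//
//   require 'auth.php';
//   if ($_SERVER['REQUEST_METHOD'] === 'POST'
//       && credentialsValid($_POST['username'] ?? '', $_POST['password'] ?? '')) {
//       establishSession($_POST['username']);
//       header('Location: /index.php');
//       exit;
//   }
//   // otherwise fall through and print the form
```

The array forms of session_set_cookie_params() and setcookie() need PHP 7.3 or later; on older versions pass the same values positionally and drop samesite. The "before any output" rule includes a stray newline after a closing ?> in an included file, which is the usual cause of a "headers already sent" warning.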
Sanitising & encoding strings
Sanitising for HTML. Convert special HTML entities back to characters. Sanitising for HTML from a form POST: see page here. filter_var() function: returns the input string filtered, or FALSE if it was unable to perform the sanitisation (e.g. due to an illegal character). See here for all the available filter options. See here for examples […]
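Worked code for the three points above, added here and not taken from the original post: encoding untrusted text for HTML output, decoding it again, and validating a form POST with filter_var() while handling the FALSE it returns on failure. The $post array is a constructed stand-in for $_POST.

```php
<?php
// Added example, not the post's own code: encode untrusted text for HTML
// output, decode it again, and validate a form POST with filter_var(),
// handling the FALSE it returns on failure. The $post array is a
// constructed stand-in for $_POST.
declare(strict_types=1);

// Encode for an HTML text node or a quoted attribute. ENT_QUOTES covers
// single quotes (attribute context); ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string, which would silently drop content.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Convert the special entities back to characters, e.g. to edit previously
// encoded text in a form field before re-encoding it on output.
function unH(string $s): string
{
    return htmlspecialchars_decode($s, ENT_QUOTES | ENT_HTML5);
}

// filter_var() returns FALSE (not null, not '') when the value is rejected,
// so compare with === and convert to null to keep the return types honest.
function validEmail($raw): ?string
{
    if (!is_string($raw)) {
        return null;  // arrays in $_POST (name="email[]") are not strings
    }
    $v = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $v === false ? null : $v;
}

function validInt($raw, int $min, int $max): ?int
{
    $v = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? null : $v;
}

// Constructed form submission: one hostile comment, one bad e-mail, one ok age.
$post = [
    'comment' => '<script>alert(document.cookie)</script> said "O\'Brien"',
    'email'   => 'not-an-address',
    'age'     => '42',
];

$comment = $post['comment'] ?? '';
$email   = validEmail($post['email'] ?? null);
$age     = validInt($post['age'] ?? null, 0, 150);

// Output stage: encode at the point of insertion into HTML, not on input,
// so the stored value stays raw and can be rendered in other contexts too.
echo '<p class="comment">' . h($comment) . "</p>\n";
echo '<input name="comment" value="' . h($comment) . "\">\n";
echo '<p>email: ' . ($email === null ? 'invalid' : h($email)) . "</p>\n";
echo '<p>age: '   . ($age   === null ? 'invalid' : $age)      . "</p>\n";
// Round trip: decoding the encoded string gives back the original text.
var_dump(unH(h($comment)) === $comment);
```

Two caveats worth keeping in mind: the FILTER_VALIDATE_* filters reject bad input, whereas the FILTER_SANITIZE_* filters alter it, so prefer validation where a value has a known shape; and htmlspecialchars() is only correct for HTML text and attribute contexts, not for JavaScript strings, URLs or CSS, each of which needs its own encoding.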