25 Jan 2020 by Richard MacCutchan
First point: do not use string concatenation to create SQL statements; it leaves your system vulnerable to SQL injection. Use parameterised queries always. Second point: do not store passwords in clear text; use salted hash values always. See Secure Password Authentication Explained Simply ...