Is my this password protection script safe from SQL injection?
I've had a bit of trouble with this script I found. Someone entered in some junk into the password field and broke my website for 15 minutes. I couldn't get into FTP, or into my host's control panel.
All they did was enter =='1=1
That's a pretty bad flaw!
I just don't know how to apply ctype_alnum to ensure that only alphanumeric values are read by this script, so I can prevent failures like this from happening again.
Also is this script protected from SQL injection?