Hi all,

I've had a bit of trouble with this script I found. Someone entered in some junk into the password field and broke my website for 15 minutes. I couldn't get into FTP, or into my host's control panel.

All they did was enter =='1=1

That's a pretty bad flaw!

I just don't know how to apply ctype_alnum to ensure that only alphanumeric values are read by this script, so I can prevent failures like this from happening again.

Also is this script protected from SQL injection?