Hello everyone. If I'm not mistaken, to overcome the problem of "SQL injection", I have not seen any particular improvement with PDO and/or prepared statements, because it always takes the PHP string "mysqli_real_escape_string", right? Well, why not implement that the user control of a form is done with a hash, and obviously the password too? And why not add other controls, like salt & pepper, to avoid brute-force attacks? In practice, give the possibility of being able to insert other controls, such as a kind of PIN1 and PIN2, for example :) We give possibilities very close to zero to hack our site :)
The user hashed + hashed password with “hash(salt . pass . pepper)” works very well, and the hashed user too.
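
An added example, not part of the original post: a login that stores a hashed user name and a salted, peppered password hash, with the lookup done through a PDO prepared statement. It swaps the single `hash(salt . pass . pepper)` call for `password_hash()` over an HMAC-peppered password. The in-memory SQLite database (needs the `pdo_sqlite` extension), the table, the function names and the pepper value are assumptions.

```php
<?php
declare(strict_types=1);

// Assumption: the pepper is a server-side secret kept outside the database.
const PEPPER = 'constructed-demo-pepper';

// Keyed hash of the user name, so the stored lookup key is not the plain name.
function userKey(string $username): string {
    return hash_hmac('sha256', strtolower($username), PEPPER);
}

// The pepper is applied with HMAC; password_hash() then adds a random per-user salt.
function pepper(string $password): string {
    return hash_hmac('sha256', $password, PEPPER);
}

function register(PDO $db, string $username, string $password): void {
    $stmt = $db->prepare('INSERT INTO users (user_key, pass_hash) VALUES (?, ?)');
    $stmt->execute([userKey($username), password_hash(pepper($password), PASSWORD_DEFAULT)]);
}

function login(PDO $db, string $username, string $password): bool {
    // Bound parameter: the value travels as data, separately from the SQL text.
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE user_key = ?');
    $stmt->execute([userKey($username)]);
    $hash = $stmt->fetchColumn();          // false when no row matches
    return is_string($hash) && password_verify(pepper($password), $hash);
}

// Constructed demo data: one account in a throwaway in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_key TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
register($db, 'alice', 'correct horse');

// Constructed inputs: a valid login, then quote-bearing strings in each field.
$attempts = [
    ['alice', 'correct horse'],
    ['alice', "' OR '1'='1"],
    ["alice' -- ", 'correct horse'],
];
foreach ($attempts as [$user, $pass]) {
    printf("%-12s %-16s => %s\n", $user, $pass, login($db, $user, $pass) ? 'accepted' : 'rejected');
}
```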