jorge correia - 2016-12-21 15:44:41
Hi,
in your examples, for security reasons you should not access superglobal $_GET or $_POST directly.
As an example in the login process where you have this:
$email = IsSet($_POST['username']) ? $_POST['username'] : '';
$password = IsSet($_POST['password']) ? $_POST['password'] : '';
It should be:
$email = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_EMAIL);
$password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
Thanks,
Jorge Correia