
Showing posts from July, 2009

SQL Injection Test

OK, here is a quick test to see if you are vulnerable to SQL injection. In your login form use Username: admin'--

This causes the SQL query to comment out everything after the username is passed. Example:

    SELECT * FROM members WHERE username = 'admin'--' AND password = 'password'

This is going to log you in as the admin user, because the rest of the SQL query will be ignored.
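
The same test as a check you can run against your own code, with the fix beside it. This is an added example, not code from the original post; it assumes Python's built-in sqlite3 module, and the table contents and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: one row in a members table shaped like the post's query.
    # Kept as a plain password column only to match that query; a real application
    # would store and compare a password hash.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (username TEXT, password TEXT)")
    db.execute("INSERT INTO members VALUES ('admin', 's3cret-sample')")
    return db

def login_concatenated(db, username, password):
    # Vulnerable pattern: user input is pasted into the SQL text, so a quote in the
    # input closes the string literal and "--" comments out the password check.
    sql = ("SELECT * FROM members WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username, password):
    # Hardened pattern: placeholders keep the input as data, never as SQL syntax.
    sql = "SELECT * FROM members WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

def run_checks():
    db = make_db()
    test_input = "admin'--"  # the username from the post
    return {
        "concatenated_accepts_test_input":
            login_concatenated(db, test_input, "wrong"),
        "parameterized_accepts_test_input":
            login_parameterized(db, test_input, "wrong"),
        "parameterized_accepts_real_login":
            login_parameterized(db, "admin", "s3cret-sample"),
    }

if __name__ == "__main__":
    for name, result in run_checks().items():
        print(name, result)
```

If the first check comes back True for your own login routine, the query is being built by string concatenation and should be moved to placeholders.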