I think you can't use SQL injection to log in to a username account if the password is encrypted before the query. Here's an example:
-------------------
$password = md5($password);
SELECT User, Password FROM users WHERE User='$Username' AND Password='$password'
--------------
So, if you use this as a password:
' OR ''='
before the query, it will be encrypted to this:
d20da3888278ec814f6a837f260b60df
So it will be like this:
SELECT User, Password FROM users WHERE User='Example' AND Password='d20da3888278ec814f6a837f260b60df'
It doesn't matter what you type in the password form.
I think that's like the best security you can have.
However, I think you can still mess with the username, as encrypting the username is not used anywhere.
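
Added example, not part of the original post: the post's query pattern next to a prepared-statement version, run against three constructed inputs. The in-memory SQLite database, the sample account and the function names are assumptions made for the demonstration.

```php
<?php
// In-memory SQLite stands in for the real database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (User TEXT PRIMARY KEY, Password TEXT)");

// Constructed account. md5() is kept only to mirror the post's scheme;
// PHP's password_hash()/password_verify() are the purpose-built functions
// for password storage.
$ins = $pdo->prepare("INSERT INTO users (User, Password) VALUES (?, ?)");
$ins->execute(['Example', md5('correct horse')]);

// The post's pattern: the password is hashed, but both values are still
// interpolated into the SQL text.
function login_interpolated(PDO $pdo, string $username, string $password): bool
{
    $hash = md5($password);
    $sql = "SELECT User, Password FROM users WHERE User='$username' AND Password='$hash'";
    return $pdo->query($sql)->fetch() !== false;
}

// Hardened: placeholders keep both values out of the SQL text, so quotes
// in the username are compared as data and never parsed as SQL.
function login_prepared(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare("SELECT User, Password FROM users WHERE User = ? AND Password = ?");
    $stmt->execute([$username, md5($password)]);
    return $stmt->fetch() !== false;
}

// Constructed test inputs: the correct password, the post's payload in the
// password field, and a username that closes the quote and comments out
// the password check.
$cases = [
    'right password'              => ['Example', 'correct horse'],
    'payload in password'         => ['Example', "' OR ''='"],
    'quote + comment in username' => ["Example' --", 'anything'],
];
foreach ($cases as $label => [$u, $p]) {
    printf("%-28s interpolated=%s prepared=%s\n", $label,
        var_export(login_interpolated($pdo, $u, $p), true),
        var_export(login_prepared($pdo, $u, $p), true));
}
```

Only the third case separates the two functions: the interpolated query accepts it without the password, and the prepared one rejects it.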