I'm creating an app wherein the user can access a database using PHP and MySQLi.
For creating the account, I create a URL string with the parameters appended on the end, which is then read using $_GET in my signup.php file and added to the database (I'll be adding things like email activation later).
Two questions:
1. Is there a problem using $_GET in this fashion? Since I'm appending the email and password to the URL string, I feel it's not secure, but since it's inside the app I'm not as sure.
2. How should I handle the login? The way I was thinking was to use the $_GET method again and use this information in a query to check for matching results, then return a message which the app would pick up to log the user in.
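
For comparison with the $_GET flow described in the question, here is an added example (not the poster's code) of signup and login handled from the POST body with hashed passwords and prepared statements. The `users(email, password_hash)` table, the `action` field, the database credentials and the JSON reply shape are all assumptions made for illustration, and the app is assumed to reach the script over HTTPS.

```php
<?php
declare(strict_types=1);
// Added example. Assumed schema: users(email UNIQUE, password_hash VARCHAR(255)).

function read_credentials(): ?array {
    // Accept POST only: body fields stay out of the URL, so they are not written
    // to web server or proxy access logs the way a query string is.
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') { return null; }
    $email = filter_var($_POST['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $password = $_POST['password'] ?? '';
    if ($email === false || !is_string($password) || $password === '') { return null; }
    return [$email, $password];
}

function signup(mysqli $db, string $email, string $password): bool {
    // Store a salted hash, never the password itself.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)');
    $stmt->bind_param('ss', $email, $hash);
    try {
        return $stmt->execute();
    } catch (mysqli_sql_exception $e) {
        return false; // e.g. duplicate email when exceptions are enabled
    }
}

function login(mysqli $db, string $email, string $password): bool {
    // Look the row up by email only; the password is checked in PHP against the hash.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE email = ?');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();
    $stmt->close();
    return $found === true && password_verify($password, $hash);
}

header('Content-Type: application/json');
$creds = read_credentials();
if ($creds === null) {
    http_response_code(400);
    exit(json_encode(['ok' => false]));
}
[$email, $password] = $creds;
// Placeholder connection details (assumption); load real ones from configuration.
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
// 'action' is a hypothetical form field the app sends to pick the operation.
$ok = ($_POST['action'] ?? 'login') === 'signup'
    ? signup($db, $email, $password)
    : login($db, $email, $password);
echo json_encode(['ok' => $ok]);
```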