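// Handle a submitted login form: normalise the POST values, check the
// credentials, and print either a greeting or a generic failure message.

// Instantiate Login class.
// The object is built from the raw, not-yet-escaped POST value, because the
// escape() helper used below is a method on it. Whatever getUser() returns
// may therefore still be raw input (class not visible here).
$login = new login($_POST['user']);

// SQL Injection Control
// Every string field is passed through $login->escape().
// NOTE(review): escape() is defined elsewhere; presumably it wraps the
// database driver's string escaping. Blanket escaping only protects values
// that end up inside quoted SQL string literals. If validateUser() and
// getEmail() used bound parameters, this loop would be unnecessary.
foreach ($_POST as $key => $value) {
    if (is_string($value)) {
        $_POST[$key] = $login->escape($value);
    }
}

// XSS Prevention
// HTML-encodes every string field on the way in.
// NOTE(review): this also rewrites $_POST['password'] before it is checked,
// so a password containing & < > " or ' is compared in its encoded form.
// Whether stored credentials were created with the same encoding is not
// visible here, so confirm before removing this pass. Input-side encoding is
// not a substitute for escaping at the point of output, which is done below.
foreach ($_POST as $key => $value) {
    if (is_string($value)) {
        $_POST[$key] = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    }
}

// Message
if ($login->validateUser($_POST['user'], $_POST['password'], $sqlHandle)) {
    // Escape at the sink. getUser() may return the raw constructor argument,
    // and getEmail() returns a value produced outside this excerpt, so neither
    // is known to be HTML-safe. The fourth argument (double_encode = false)
    // keeps values that were already entity-encoded from being encoded twice.
    $safeUser = htmlspecialchars((string) $login->getUser(), ENT_QUOTES, 'UTF-8', false);
    $safeEmail = htmlspecialchars((string) $login->getEmail($_POST['user']), ENT_QUOTES, 'UTF-8', false);

    print 'Thanks for logging in ' . $safeUser . '. Your email is: ' . $safeEmail . ' <a href=index.php><- Back</a>';
    die;
} else {
    // One message for every failure, so the response does not reveal whether
    // the user name or the password was wrong.
    print '<strong>Bad credentials. Please try again. Thank you.</strong>';
}
} // closes a block opened before this excerpt

// NOTE(review): the markup below loads jQuery 1.7.2 from a third-party CDN
// with no integrity attribute. Consider a currently maintained release, and
// either Subresource Integrity (integrity + crossorigin attributes) or a
// self-hosted copy.
?>
<html>
<head>
<title>Login</title>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
<link rel="StyleSheet" href="style.css" type="text/css">
</head>
<body>
<div id="mainBox">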