I created a site www.classicalevents.com and my client is concerned about security. Now I took all precautions that I knew of.

1. No auto complete on login
2. .htaccess to redirect all no-existent pages to the main index page
3. All files call a checklogin file to make sure that there is a session started.

Is there anything else that I should look out for?

Thank for the input.


I hope I am posting this in the correct forum.

John

Input validation to prevent SQL injection.

I'm sorry I don't know what that means?

SQL injection?

You can find more info about SQL injection at:
http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=SQL+injection&btnG=Google+Search

thank you