xisto Community

eirikureiriksson

  1. Adding my five cents to what already has been said...
     1. Do not build SQL strings directly from user input, "select id from user where username = (input) and password = (input)". The simplest way would be stripping the input of any comment marks, line ending marks and quote/string marks and placing the input inside string quotes, "select id from user where username = '(input)' and password = '(input)'".
     2. Validate all input and limit it to the right data type, character set, length and values.
     3. Remove all unnecessary permissions from all database users.
     4. Use account lock-out for repeated failed log-ins.
     5. Use views containing just the necessary fields for each query; do not select directly from the tables.
  2. Hi, your best option is to add the third table to handle the many-to-many relationships. You have basically two options; the first is allowing multiple identical links. In that case you should have three fields in the table: a numerical primary key, student ID and class ID. Otherwise the relationship table should consist of at least two fields, Class ID and Student ID, which combined form the unique key for each entry.

                  |ASSIGNEMENT|
     |STUDENT|    |-----------|
     |-------|    |ASGN_ID    |      |CLASS   |
     |ST_ID  |----|ST_ID      |      |--------|
                  |CLASS_ID   |------|CLASS_ID|
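
An added example for the first post above (items 1, 2 and 5 of its list), not code from either post: it runs the post's login query built by string concatenation next to a version that validates the input and passes it as bound parameters, a technique used here in place of the stripping the post describes. The SQLite in-memory database, the `user_login` view name, the username pattern, the length limit and the sample row are assumptions made for the example.

```python
import re
import sqlite3

USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")  # assumed username policy

def make_db():
    """Constructed sample data; table and column names follow the post's query."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT, "
               "password TEXT, email TEXT)")
    # Item 5: a view (hypothetical name) exposing only the fields the login needs.
    db.execute("CREATE VIEW user_login AS SELECT id, username, password FROM user")
    db.execute("INSERT INTO user (username, password, email) VALUES (?, ?, ?)",
               ("alice", "it's-a-secret", "alice@example.test"))
    return db

def login_concat(db, username, password):
    """Item 1, the pattern to avoid: input becomes part of the SQL text."""
    sql = ("select id from user where username = '" + username +
           "' and password = '" + password + "'")
    return db.execute(sql).fetchone()

def login_bound(db, username, password):
    """Item 2 validation, then bound parameters: input stays data, never SQL."""
    if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
        return None
    if not isinstance(password, str) or not 1 <= len(password) <= 128:
        return None
    sql = "select id from user_login where username = ? and password = ?"
    return db.execute(sql, (username, password)).fetchone()

def demo():
    """Run both versions with a legitimate password that contains a quote mark."""
    db = make_db()
    password = "it's-a-secret"
    try:
        concat_result = login_concat(db, "alice", password)
    except sqlite3.OperationalError as exc:
        concat_result = f"error: {exc}"  # the quote ended the SQL string early
    return concat_result, login_bound(db, "alice", password)

if __name__ == "__main__":
    print(demo())
```

The concatenated query fails with a syntax error because the quote mark in the password is parsed as SQL, while the bound version returns the matching row unchanged.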