Originally posted here by slarty
- Open an ADO connection to the database (instantiate an ADODB.Connection object)
- Execute a SQL query to return the user's password (making sure you escape any funny characters in the username)
- Compare the password retrieved with the entered password
- For increased security, store the passwords with one-way encryption and compare the encrypted versions

{snip}

For maximum safety, check that the username is alphanumeric and reject it otherwise.
Yes. Make damn sure the username/password is something YOU want or else you might open up some SQL injection hole.