Hi. i'm trying to build a website which when running will have a lot of personal data (user's e-mails) and other stuff which i do not want people to access easily. I made the database using phpMyAdmin, and the php side was done using PHPMaker mostly. i changed a few things but nothign to do with passwords. Can i trust the php code and database i have? i've validated all *** inputs i can (i don't understand how to validate a name, surely a user can type in any command that will list the directory for example?) and given access only to the users listed in the users table (with a password). would this be easy to highjack?