It will be a web based but availiable only to a small group of people, so i'm not woried about the sql injection at all.
I just tried to be polite, and i actually already knew that my code was prone to sql injections since the users passwords aren't even encrypted.
Anyway thanks.