How about something like:

  char *sql = g_strdup_printf ("INSERT INTO test(id) VALUES('%s')", p);
  doSQL (sql);
  g_free (sql);

You also want to check that the user entry is valid and doesn't contain things like quotes. Otherwise some joker could enter something like:

  '); update person set salary=100000 where id=1234; insert into test(id) values('a

into your entry box and whoopee, hack your database.

--tml
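The validity check recommended in the message above, sketched as an added example (not code from the original post). The function names, the 32-character limit and the allowed character set are assumptions for an "id" field; plain malloc/snprintf stand in for g_strdup_printf so the block has no GLib dependency. Where the database API offers bound parameters, they are preferable to building the statement as a string.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Allow-list check: accept only 1..max_len ASCII letters, digits, '_' or '-'.
 * Hypothetical policy for an "id" field; adjust to what the column may hold. */
int entry_is_valid_id(const char *s, size_t max_len)
{
    size_t n = 0;
    if (s == NULL)
        return 0;
    for (; s[n] != '\0'; n++) {
        unsigned char c = (unsigned char)s[n];
        if (n >= max_len || c >= 128 || !(isalnum(c) || c == '_' || c == '-'))
            return 0;   /* too long, or a quote, ';', space, etc. */
    }
    return n > 0;       /* empty entries are rejected too */
}

/* Build the INSERT only when the entry passes the check.
 * Returns a malloc'ed statement, or NULL if the entry is rejected. */
char *build_insert(const char *entry)
{
    static const char fmt[] = "INSERT INTO test(id) VALUES('%s')";
    size_t len;
    char *sql;

    if (!entry_is_valid_id(entry, 32))
        return NULL;
    len = strlen(fmt) + strlen(entry) + 1;  /* "%s" leaves 2 spare bytes */
    sql = malloc(len);
    if (sql != NULL)
        snprintf(sql, len, fmt, entry);
    return sql;
}

int main(void)
{
    /* Constructed inputs: a plain id and the string quoted in the post. */
    const char *samples[] = {
        "abc-123",
        "'); update person set salary=100000 where id=1234; "
        "insert into test(id) values('a",
    };
    for (size_t i = 0; i < 2; i++) {
        char *sql = build_insert(samples[i]);
        printf("%s\n", sql ? sql : "rejected: invalid characters in entry");
        free(sql);
    }
    return 0;
}
```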