--- Brad Ciszewski <bradcis@xxxxxxxxxxx> wrote:
> Please help me figure out what I did wrong.
>
> *connects to database*
>
> $email = $_POST["email"];
>
> $checkEmail = mysql_query("SELECT *
> FROM memberInformation
> WHERE email = '$email'");
Please read this:
http://php.net/manual/security.database.sql-injection.php
Chris
=====
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly HTTP Developer's Handbook - Sams
Coming Soon http://httphandbook.org/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
