I'm curious about how to protect SQL query. For example, if I get some
varaibles from user using GET or POST method. Then, I have to use it in
a SQL query sentense. How can I make sure that users don't do trick by
inserting some SQL command into the variable resulting in miss sql
command? Is there any method to prevent that?
Another question is that, are there any PHP build-in function to remove
some unwanted charactor (like " and ' and \ and / ...) or I have to do
it manually?
Best Regards,
Thone
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
