Ray Hauge wrote:
>
> Don't forget making it secure. Here is one of my questions people can use if
> they like. Feel free to re-word it. I'm a programmer, not a writer ;)
>
> What change(s) would you make to the following code to make it more secure?
>
> $id = $_GET['id'];
> mysql_query("DELETE FROM myTbl WHERE id = $id");

Believe it or not, I've lost count of how many times I've seen things like this in Real Life. SQL Injection waiting to happen...

> I like this question, because they have to know at least the fundamentals of
> PHP security.

Agreed. One thing I would add is to make sure they're familiar with the PHP version you use.

Regards,
Austin.
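
Added example, not part of the original thread: the quoted pattern next to one hardened form, showing why the concatenated query is injectable and what a candidate's answer could look like. It assumes PDO with an in-memory SQLite database in place of the thread's mysql_* calls; the table contents, function names and input value are constructed for illustration.

```php
<?php
// Added example: constructed table and inputs, using PDO with in-memory SQLite
// (an assumption; the quoted code used the mysql_* API against MySQL).

function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE myTbl (id INTEGER PRIMARY KEY, name TEXT)');
    $db->exec("INSERT INTO myTbl (id, name) VALUES (1, 'a'), (2, 'b'), (3, 'c')");
    return $db;
}

// Same pattern as the quoted question: request data concatenated into the SQL text,
// so anything after the number is parsed as part of the WHERE clause.
function deleteUnsafe(PDO $db, string $id): int {
    return $db->exec("DELETE FROM myTbl WHERE id = $id");
}

// Hardened form: require a positive integer, then bind it as a typed parameter
// so the value can never be parsed as SQL.
function deleteSafe(PDO $db, string $id): int {
    $valid = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($valid === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $db->prepare('DELETE FROM myTbl WHERE id = :id');
    $stmt->bindValue(':id', $valid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$input = '1 OR 1=1'; // constructed value standing in for $_GET['id']

$db = makeDb();
echo 'unsafe rows deleted: ', deleteUnsafe($db, $input), "\n";

$db = makeDb();
try {
    deleteSafe($db, $input);
} catch (InvalidArgumentException $e) {
    echo 'safe rejected input: ', $e->getMessage(), "\n";
}
echo 'safe rows deleted for id 2: ', deleteSafe($db, '2'), "\n";
```

The unsafe call empties the three-row table because the WHERE clause becomes always true, while the hardened function rejects the same input and deletes only the single row whose id is bound.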