and what if $_GET['id'] is something like "1; DROP TABLE tb_emails;" ?? SQL injection just waits to happen
I think tha tit will be too much of a hacker effort just to kill a table of contact emails, and also he will have to guess ( is there other way ? ) the table name, but just to be on a safer side:
- Is there a way to say that id can only be a number ? something like $id:Number = $_GET['id']? TIA -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
