And what if $_GET['id'] is something like
"1; DROP TABLE tb_emails;"?
SQL injection is just waiting to happen.
Something I just thought: could he do a DROP TABLE inside an UPDATE
statement? Because the query is:
UPDATE tb_emails SET bol_active = $action WHERE auto_id = $id
so if he changed the $action or the $id, it will be inside the UPDATE;
doesn't changing any of the variables to a DROP TABLE just give an error?
TIA
Marcelo
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
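
Whether a statement appended to the UPDATE runs or only raises an error depends on the database API in use, so the fix is to keep request values out of the SQL text altogether. The following is an added example, not code from the thread: it validates both values as integers and binds them to placeholders. The function name setActive, the PDO SQLite in-memory database and the sample rows are assumptions made for the demonstration; the table and column names come from the query quoted in the thread.

```php
<?php
// Added example, not from the thread. setActive() is a hypothetical helper;
// the in-memory SQLite database and its rows are constructed sample data.

function setActive(PDO $db, $rawId, $rawAction): bool
{
    // Accept only plain integers: a positive row id and a 0/1 flag.
    $id = filter_var($rawId, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    $action = filter_var($rawAction, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 1]]);

    // Compare with === false, because a valid $action of 0 is falsy.
    if ($id === false || $action === false) {
        return false; // rejected before any SQL is built
    }

    // Placeholders: the values travel as bound integers, never as SQL text.
    $stmt = $db->prepare(
        'UPDATE tb_emails SET bol_active = :action WHERE auto_id = :id'
    );
    $stmt->bindValue(':action', $action, PDO::PARAM_INT);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    // True only when exactly one row was updated.
    return $stmt->rowCount() === 1;
}

// Constructed test fixture standing in for the real tb_emails table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tb_emails (
    auto_id INTEGER PRIMARY KEY, email TEXT, bol_active INTEGER)');
$db->exec("INSERT INTO tb_emails (email, bol_active)
    VALUES ('a@example.com', 1), ('b@example.com', 1)");

// A well-formed request, then the string quoted earlier in the thread.
$inputs = ['1', '1; DROP TABLE tb_emails;'];
foreach ($inputs as $input) {
    $ok = setActive($db, $input, '0');
    echo json_encode($input), ' => ', $ok ? 'updated' : 'rejected', PHP_EOL;
}

// The table is still present and still holds both rows.
$rows = (int) $db->query('SELECT COUNT(*) FROM tb_emails')->fetchColumn();
echo "rows in tb_emails: $rows", PHP_EOL;
```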