Richard Kurth wrote:
if(response.indexOf('|' != -1)) {
Spot the misplaced bracket.
if($_GET['takeaction']=="delete"){
$uid=$_GET['uid'];
echo $uid;
This is wide open to XSS attacks, you need to be just as careful with
scripts intended to be accessed via javascript as you do with user
facing scripts. If uid is as it sounds, an integer, then
intval($_GET['uid']) will do nicely; otherwise at least use
htmlentities() to prevent XSS.
Arpad
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
