On Thu, Jan 8, 2009 at 09:10, tedd <tedd.sperling@xxxxxxxxx> wrote:
>
> $sql = "SELECT id FROM modules_permissions WHERE id = '$permissionId' ";
I was going to ask something about sanity, but then I remembered
with whom it is I'm speaking. ;-P
That aside, don't forget your pre-database-interaction sanity.
Even an explicitly internally-defined variable can have issues, so
unless you're 100% certain that it will be safe, it's better to <?php
mysql_real_escape_string($permissionId); ?>, et al.
--
</Daniel P. Brown>
daniel.brown@xxxxxxxxxxxx || danbrown@xxxxxxx
http://www.parasane.net/ || http://www.pilotpig.net/
Unadvertised dedicated server deals, too low to print - email me to find out!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
