Eric Butera wrote:
$result = mysql_query($query) or die(mysql_error());

You know guys, after seeing all this talk of sql injection over the past few days, I'd also like to point out or die is pretty bad too. Especially when coupled with mysql_error(). It can expose sensitive system info (security vuln) when a simple if (!$result) { show error page } would have worked. I know I laugh and leave whenever I see such an error on some site I stumble across.
yay - well said eric :)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
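
The pattern discussed in this thread, as an added example that is not part of the original messages: database errors are logged server-side and the visitor sees only a generic page with a reference ID. It uses mysqli in place of the thread's mysql_* calls (that extension was removed in PHP 7.0); the host, credentials, table, query and the `show_error_page` helper are hypothetical placeholders.

```php
<?php
// Added example (not from the original thread). Host, credentials, query and
// the helper name below are hypothetical placeholders.
declare(strict_types=1);

ini_set('display_errors', '0');   // never render PHP/driver errors to the client
ini_set('log_errors', '1');       // send them to the server-side error log instead

// Make mysqli throw on failure (the default since PHP 8.1) so one catch block
// covers connection errors and query errors alike.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** Log the real cause server-side; show the visitor only a generic page. */
function show_error_page(Throwable $e): void
{
    $ref = bin2hex(random_bytes(4));   // lets support match a report to a log line
    error_log(sprintf('[db-error %s] %s (errno %d)', $ref, $e->getMessage(), $e->getCode()));

    if (!headers_sent()) {
        http_response_code(500);
    }
    // No SQL text, table names, hostnames or file paths reach the browser.
    echo 'Sorry, something went wrong. Reference: ' . $ref . "\n";
}

try {
    $db = new mysqli('127.0.0.1', 'app_user', 'app_password', 'app_db');

    $stmt = $db->prepare('SELECT id, title FROM articles WHERE author_id = ?');
    $authorId = 42;                     // constructed sample input
    $stmt->bind_param('i', $authorId);
    $stmt->execute();

    $result = $stmt->get_result();
    while ($row = $result->fetch_assoc()) {
        echo htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), "\n";
    }
} catch (mysqli_sql_exception $e) {
    // Replaces "or die(mysql_error())": detail goes to the log, not the page.
    show_error_page($e);
}
```

With no database reachable, the script takes the catch branch: the driver message lands in the PHP error log and the response body contains only the generic sentence and the reference.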

