On Friday 24 June 2011 17:28:08 Chris Stinemetz wrote: > That worked perfectly! And will work, until you decide to put quotes in button name for some reason. And until some malicious user forge POST request with $_POST['post_tptest'] = "'; DROP DATABASE; --" But you can use prepared statements to be safe ) ...and they don't need all those fancy quoting/escaping/sanitizing ...and they have advantages for repetitive operations. And furthermore, I think Carthage must be destroyed. -- Vitalii -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
