On Wed, Sep 14, 2011 at 16:02, Eric Butera <eric.butera@xxxxxxxxx> wrote: > Just out of curiosity, where are these ids coming from? Doing a raw > implode on them like that is a sql injection vuln. > They are in an array. I do of course is_int() them first, plus some other sanitation including mysql_real_escape_string(). -- Dotan Cohen http://gibberish.co.il http://what-is-what.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php