Re: $_POST in MySQL query issue...


 



>>>>> "Adam" == Adam Reiswig <lists@honorcomputers.com> writes:

    Adam> A couple of days ago I placed a post regarding using the
    Adam> $_POST[] variable in an insert sql query.  Both

    Adam> $sql="insert into $table set Name =
    Adam> '".$_POST['elementName']."'"; and $sql="insert into $table
    Adam> set Name = '{$_POST['elementName']}'";

The only remark which I would make here is to beware of SQL injection.
Here are a couple of good resources to explain what an SQL injection
attack is and what you should do to protect your code:
    http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    http://www.sitepoint.com/article/794


-- 
no toll on the internet; there are paths of many kinds;
whoever passes this portal will travel freely in the world

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
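
Added example, not part of the original message or of the linked articles: the quoted insert rewritten so that the form value is passed as a bound parameter and the interpolated `$table` is checked against an allow-list. Assumptions: PDO is used with an in-memory SQLite database so the script runs offline (with MySQL only the DSN changes), and the table name `elements`, the helper `insertName()` and the sample inputs are constructed for illustration.

```php
<?php
// Constructed setup: in-memory SQLite stands in for the MySQL database so the
// script runs offline; with MySQL only the DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE elements (Name TEXT NOT NULL)');

// Identifiers cannot be bound as parameters, so $table is checked against
// a fixed allow-list (hypothetical table names) before it is interpolated.
const ALLOWED_TABLES = ['elements'];

function insertName(PDO $pdo, string $table, array $post): int
{
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException('unknown table');
    }
    $name = $post['elementName'] ?? null;
    if (!is_string($name) || $name === '') {
        throw new InvalidArgumentException('elementName missing or not a string');
    }
    // The value travels as a bound parameter, never as part of the SQL text.
    $stmt = $pdo->prepare("INSERT INTO $table (Name) VALUES (:name)");
    $stmt->execute([':name' => $name]);
    return $stmt->rowCount();
}

// Constructed inputs standing in for $_POST: a plain value, and one that
// contains quote characters and SQL syntax.
$samples = [
    ['elementName' => 'Widget'],
    ['elementName' => "O'Brien'); DROP TABLE elements; --"],
];
foreach ($samples as $post) {
    insertName($pdo, 'elements', $post);
}

// Read back what was stored; each value is kept as literal text.
foreach ($pdo->query('SELECT Name FROM elements') as $row) {
    echo $row['Name'], PHP_EOL;
}

// A table name outside the allow-list is rejected before any SQL is built.
try {
    insertName($pdo, 'elements; DROP TABLE elements', ['elementName' => 'x']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```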

