Is it just me or is this a very bad thing from a security standpoint? It seems to me that user input should always be filtered before use. Otherwise there's nothing stopping a hacker from embedding sql into the value of the name variable. > -----Original Message----- > Insert into members (name) values ($_POST['name']); -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
