Thanks for all the tips guys. I'll keep the last couple for future
reference.
--
Chip
Gareth Heyes <gareth@xxxxxxxxxxxxx> wrote on 01/26/2005 05:30:45 AM:
> >> if(isset($_GET['id'])) {
> >> $id=$_GET['id'];
> >> $query = "select bin_data, filetype from binary_data where id=$id";
>
> This is a really bad example, anybody can inject your query with
> malicious sql commands.
> Never trust user supplied data.
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
