Thanks for all the tips guys. I'll keep the last couple for future reference. -- Chip Gareth Heyes <gareth@xxxxxxxxxxxxx> wrote on 01/26/2005 05:30:45 AM: > >> if(isset($_GET['id'])) { > >> $id=$_GET['id']; > >> $query = "select bin_data, filetype from binary_data where id=$id"; > > This is a really bad example, anybody can inject your query with > malicious sql commands. > Never trust user supplied data. > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php