That URL actually translates to 456456456 OR 1<>2
Which is always true. So if you use this verbatim, you'll get a true result (if you were using it as part of a login process, the user would be in without providing a login and password :-p )
I always, *always* apply $result=(integer) $_GET["uid"] to these strings: that way you are guaranteed it's a number, not a string.
Cheers - Neil
Message-ID: <[EMAIL PROTECTED]>
From: "Dan Bowkley" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Date: Sun, 9 May 2004 15:17:19 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DB] supernoob strikes again
I thought "4" didn't equal "456456456%20%20OR%201<>2"
-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
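Added example, not part of the original messages: the uid value from the thread run through verbatim concatenation, the integer cast, strict validation, and a bound parameter. The users table, its rows and the PDO SQLite in-memory database are assumptions made for the demonstration.

```php
<?php
// Added example; the table, column names and rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users VALUES (4, 'alice'), (7, 'bob'), (9, 'carol')");

// What PHP places in $_GET["uid"] for the query string quoted in the thread.
$raw = urldecode('456456456%20%20OR%201<>2');   // "456456456  OR 1<>2"

function names(PDOStatement $st): array
{
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

// 1. Verbatim concatenation: the WHERE clause becomes
//    uid=456456456  OR 1<>2, which is true for every row.
$unsafe = names($db->query('SELECT name FROM users WHERE uid=' . $raw));

// 2. The cast from the message ((int) is the same cast as (integer)).
//    PHP keeps the leading digits and drops the rest, so only a number
//    ever reaches the SQL text.
$uid  = (int) $raw;                              // 456456456
$cast = names($db->query('SELECT name FROM users WHERE uid=' . $uid));

// 3. Strict validation: the cast silently truncates the input, whereas
//    filter_var() rejects anything that is not an integer as a whole.
$valid = filter_var($raw, FILTER_VALIDATE_INT,
                    ['options' => ['min_range' => 1]]);

// 4. Bound parameter: the value travels separately from the SQL text,
//    so it can never change the structure of the query.
$st = $db->prepare('SELECT name FROM users WHERE uid = :uid');
$st->bindValue(':uid', $raw, PDO::PARAM_STR);
$st->execute();
$bound = names($st);

printf("raw input   : %s\n", $raw);
printf("concatenated: %d row(s) [%s]\n", count($unsafe), implode(', ', $unsafe));
printf("after cast  : uid=%d, %d row(s)\n", $uid, count($cast));
printf("filter_var  : %s\n", $valid === false ? 'rejected' : 'accepted');
printf("bound param : %d row(s)\n", count($bound));
```

With the sample rows, the concatenated query returns all three names, while the cast, the validation and the bound parameter return nothing for this input.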