Is it just me or is this a very bad thing from a security standpoint?  It
seems to me that user input should always be filtered before use.  Otherwise
there's nothing stopping a hacker from embedding sql into the value of the
name variable.

> -----Original Message-----
> Insert into members (name) values ($_POST['name']);

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to