Is it just me or is this a very bad thing from a security standpoint?  It
seems to me that user input should always be filtered before use.  Otherwise
there's nothing stopping a hacker from embedding sql into the value of the
name variable.

> -----Original Message-----
> Insert into members (name) values ($_POST['name']);

PHP Database Mailing List (
To unsubscribe, visit:

Reply via email to