RE: [PHP-DB] storing images in database

Wed, 26 Jan 2005 05:41:02 -0800 

>> if(isset($_GET['id'])) {
 >> $id=$_GET['id'];
>>  $query = "select bin_data, filetype from binary_data where id=$id";

This is a really bad example, anybody can inject your query with malicious sql commands.
Never trust user supplied data.

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to