Yes, I totally agree. This was merely sample code of how it could be done, not a definitive code sample of how to do it securely. There should be way more validation, and better error handling too.


From: Gareth Heyes <[EMAIL PROTECTED]>
Subject: RE: [PHP-DB] storing images in database
Date: Wed, 26 Jan 2005 13:30:45 +0000

>> if(isset($_GET['id'])) {
>>   $id=$_GET['id'];
>>   $query = "select bin_data, filetype from binary_data where id=$id";

This is a really bad example; anybody can inject your query with malicious SQL commands.
Never trust user-supplied data.
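
The lookup quoted above, rewritten with input validation and a bound parameter, as an added example that is not part of the original thread. It assumes PHP 8 with PDO and the SQLite driver (an in-memory database stands in for the real one); `fetchImage()` and `ALLOWED_TYPES` are hypothetical names, and the rows and inputs are constructed.

```php
<?php
declare(strict_types=1);

// Content types the script is willing to serve (hypothetical allowlist).
const ALLOWED_TYPES = ['image/png', 'image/jpeg', 'image/gif'];

// Returns ['bin_data' => ..., 'filetype' => ...] or null if the request is refused.
function fetchImage(PDO $db, mixed $rawId): ?array
{
    // Reject anything that is not a positive integer before it gets near SQL.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The placeholder keeps the value out of the SQL text entirely,
    // unlike the string interpolation in the quoted query.
    $stmt = $db->prepare('SELECT bin_data, filetype FROM binary_data WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The stored filetype ends up in a Content-Type header, so check it too.
    if ($row === false || !in_array($row['filetype'], ALLOWED_TYPES, true)) {
        return null;
    }
    return $row;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE binary_data (id INTEGER PRIMARY KEY, bin_data BLOB, filetype TEXT)');
$ins = $db->prepare('INSERT INTO binary_data (bin_data, filetype) VALUES (?, ?)');
$ins->execute(['constructed image bytes', 'image/png']);   // id 1
$ins->execute(['constructed markup', 'text/html']);        // id 2, type not allowed

// Constructed stand-ins for $_GET['id']: valid, disallowed type,
// non-numeric tail, negative, missing row.
foreach (['1', '2', '1 OR 1=1', '-5', '99'] as $input) {
    $row = fetchImage($db, $input);
    printf("%-12s => %s\n", var_export($input, true), $row ? $row['filetype'] : 'refused');
}
```

In a web script the caller would pass `$_GET['id'] ?? null`, answer a `null` result with a 404, and only then send the `Content-Type` header and the bytes.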

