Dave W wrote:
The problem with GET is that a user that looks at the source code of the HTML can easily just input what they want for the argument. Can you say SQL injection?
Can you say input validation? Regardless of where user input comes from, whether it's in the URL, in POST vars or in cookies, they should all be subjected to the same validation. Trust nothing.
-Stut

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
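An added example, not part of the original thread: one validator applied identically to values arriving by GET, POST and cookie, followed by a bound query parameter. The helper names `validated_id` and `find_user`, the `users` table and the request arrays are constructed for illustration, and the in-memory database assumes the `pdo_sqlite` extension.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: same rule for every source; null if missing or malformed.
function validated_id(array $source, string $key): ?int
{
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return null;                       // missing, or an array such as ?id[]=1
    }
    // Whitelist: 1 to 9 decimal digits, no sign, no whitespace, no leading zero.
    if (preg_match('/\A[1-9][0-9]{0,8}\z/', $source[$key]) !== 1) {
        return null;
    }
    return (int) $source[$key];
}

// Validation decides whether the value is acceptable; the bound parameter
// keeps it out of the SQL text even if a validation rule is later loosened.
function find_user(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory database (assumes the pdo_sqlite extension is loaded).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// Constructed request data standing in for $_GET, $_POST and $_COOKIE.
$requests = [
    'GET'    => ['id' => '2'],
    'POST'   => ['id' => '1 OR 1=1'],
    'COOKIE' => ['id' => ['1']],
];

foreach ($requests as $origin => $vars) {
    $id = validated_id($vars, 'id');
    if ($id === null) {
        echo "$origin: rejected\n";
        continue;
    }
    $user = find_user($db, $id);
    echo "$origin: ", $user === null ? 'no such user' : $user['name'], "\n";
}
```

In a real handler the same call would be made with `$_GET`, `$_POST` or `$_COOKIE` as the first argument, so no source gets a weaker check than another.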