Dave W wrote:
The problem with GET is that a user that looks at the source code of the
html can easily just input what they want for the argument. Can you say SQL
injection?

Can you say input validation? Regardless of where user input comes from, whether it's in the URL, in POST vars or in cookies, it should all be subjected to the same validation. Trust nothing.

-Stut

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
