On Friday, June 13, 2003, at 02:22 PM, Zak Johnson wrote:
$_POST variables are still subject to poisoning; in your case, SQL injection.
How is variable poisoning possible when using $_POST ?? I always felt that the php compiler should check to see if the variable was part of the POST Global array. At least this is is what I thought about the $_POST global array.
Thanks in advance --Pushpinder
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
