On Friday 24 June 2011 17:28:08 Chris Stinemetz wrote:
> That worked perfectly!

And will work, until you decide to put quotes in button name for some reason.
And until some malicious user forge POST request with
$_POST['post_tptest'] = "'; DROP DATABASE; --"
But you can use prepared statements to be safe ) ...and they don't need all 
those fancy quoting/escaping/sanitizing ...and they have advantages for 
repetitive operations.
And furthermore, I think Carthage must be destroyed.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to