On Wed, Sep 14, 2011 at 16:02, Eric Butera <eric.but...@gmail.com> wrote:
> Just out of curiosity, where are these ids coming from?  Doing a raw
> implode on them like that is a sql injection vuln.

They are in an array. I do of course is_int() them first, plus some
other sanitation including mysql_real_escape_string().

Dotan Cohen


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to