> $query = "UPDATE $table SET field1='$var1' WHERE id='$id'";
I really hope you don't have register_globals on, or you are validating the
value of $table before you run this kind of query, otherwise your query is
open to an attack to update any table in the database...
$table = "admin SET admin='Yes' WHERE username='John' #";
The # will make the remainder of your query a comment and it'll be ignored.
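
One way to do the validation the reply asks for, as an added example that is not part of the original thread: the table name is checked against a fixed allowlist and the values are bound as parameters. The table names, the `updateField1` helper and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Table names, the helper name and
// the in-memory SQLite database are hypothetical stand-ins.

const ALLOWED_TABLES = ['profiles', 'settings']; // hypothetical allowlist

function updateField1(PDO $db, string $table, string $var1, string $id): int
{
    // An identifier cannot be bound as a parameter, so it is accepted only
    // when it is exactly one of the names the application expects.
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException('unexpected table name');
    }
    // $table is now one of the fixed literals above; the values travel as
    // bound parameters and never become SQL text.
    $stmt = $db->prepare("UPDATE $table SET field1 = :v WHERE id = :id");
    $stmt->execute([':v' => $var1, ':id' => $id]);
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE profiles (id TEXT PRIMARY KEY, field1 TEXT)");
$db->exec("CREATE TABLE admin (username TEXT PRIMARY KEY, admin TEXT)");
$db->exec("INSERT INTO profiles VALUES ('1', 'old')");
$db->exec("INSERT INTO admin VALUES ('John', 'No')");

// Constructed inputs: an expected table name, then the value quoted in the reply.
$inputs = ['profiles', "admin SET admin='Yes' WHERE username='John' #"];

foreach ($inputs as $table) {
    try {
        $n = updateField1($db, $table, 'new', '1');
        echo "accepted '$table': $n row(s) updated\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected '$table': {$e->getMessage()}\n";
    }
}

// The second input was rejected before any SQL was built, so this row is unchanged.
$admin = $db->query("SELECT admin FROM admin WHERE username = 'John'")->fetchColumn();
echo "John admin flag: $admin\n";
```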
PHP General Mailing List (http://www.php.net/)