"Rick Emery" <[EMAIL PROTECTED]> wrote:

> Lets say you have a statement like:
> $query = "SELECT * FROM mytable WHERE firstname=$firstname";
> And if $firstname is set to:
>   "xyz"; DELETE FROM mytable
> Then this is executed as:  SELECT* FROM mytable WHERE
firstname="xyz";DELETE FROM mytable
> This can wipe out your table...a bad thing...

Well, one way you can avoid similar things to happen is, you can do
something like, say, create a user that can only SELECT. If the user can
only SELECT then it cannot DELETE.

- E


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to