"Rick Emery" <[EMAIL PROTECTED]> wrote:
> Let's say you have a statement like:
> $query = "SELECT * FROM mytable WHERE firstname=$firstname";
> And if $firstname is set to:
> "xyz"; DELETE FROM mytable
> Then this is executed as: SELECT * FROM mytable WHERE
> firstname="xyz";DELETE FROM mytable
> This can wipe out your table...a bad thing...
Well, one way you can keep similar things from happening is to do
something like, say, create a user that can only SELECT. If the user can
only SELECT then it cannot DELETE.
PHP General Mailing List (http://www.php.net/)
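An added example, not part of the original thread: the concatenated query from the quoted post run against a read-only connection, a read-write connection, and with a bound parameter (which goes beyond what the reply suggests). It assumes Python's sqlite3, with SQLite's `mode=ro` standing in for a database user granted only SELECT; the rows and helper names are constructed for illustration.

```python
import sqlite3
import tempfile
from contextlib import closing

# The value from the quoted post, written with standard single-quoted SQL strings.
PAGE_INPUT = "'xyz'; DELETE FROM mytable"

def connect(path, read_only):
    # Assumption: mode=ro stands in for a database user granted only SELECT.
    return sqlite3.connect("file:" + path + ("?mode=ro" if read_only else ""), uri=True)

def make_db(path):
    """Create the post's `mytable` with two constructed sample rows."""
    with closing(connect(path, False)) as con:
        con.execute("CREATE TABLE mytable (firstname TEXT)")
        con.executemany("INSERT INTO mytable VALUES (?)", [("xyz",), ("abc",)])
        con.commit()

def row_count(path):
    with closing(connect(path, True)) as con:
        return con.execute("SELECT COUNT(*) FROM mytable").fetchone()[0]

def run_concatenated(path, firstname, read_only):
    """Concatenate as in the quoted post and run through a multi-statement call."""
    with closing(connect(path, read_only)) as con:
        try:
            con.executescript("SELECT * FROM mytable WHERE firstname=" + firstname)
            return "executed"
        except sqlite3.OperationalError as exc:
            return "blocked: " + str(exc)

def run_bound(path, firstname):
    """Same lookup with a bound parameter: the input is only compared as a value."""
    with closing(connect(path, True)) as con:
        return con.execute("SELECT * FROM mytable WHERE firstname = ?", (firstname,)).fetchall()

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = tmp + "/demo.db"
        make_db(path)
        out = {"read_only": run_concatenated(path, PAGE_INPUT, True)}
        out["rows_after_read_only"] = row_count(path)
        out["bound_rows"] = run_bound(path, PAGE_INPUT)
        out["read_write"] = run_concatenated(path, PAGE_INPUT, False)
        out["rows_after_read_write"] = row_count(path)
    return out

if __name__ == "__main__":
    print(demo())
```

The read-only connection stops the DELETE but still parses the injected text as SQL; the bound parameter is what keeps the input from being treated as a statement at all.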