On Sun, Oct 27, 2002 at 11:18:28PM -0700, Dan Tappin wrote:
> What do you mean by "SQL injection"...?

        Well, to use your example of updating a user record, what if they
added form variables?

+admin=1
+paid_until=2102
+balance=1000000000

        Of course, not all will be applicable, but there are almost certainly
fields in your tables you don't want the entire world editing.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
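The tampered submission described above, as an added example that is not part of the original thread: a query builder that turns every posted field into a SET clause, beside one that only accepts an allow-list of user-editable columns. The `$post` array, the `users` table and the `?` placeholders (to be run through a prepared statement) are assumptions.

```php
<?php
// Constructed form submission: the one field the form really has (email),
// plus the three extra variables a client can append, as in the reply above.
$post = [
    'email'      => 'dan@example.com',
    'admin'      => '1',
    'paid_until' => '2102',
    'balance'    => '1000000000',
];

// Vulnerable: every submitted key becomes a column in SET, so the client
// decides which columns get written. The key is also interpolated into the
// SQL text, so even the column name is attacker-controlled.
function buildUpdateFromAllFields(array $form, int $userId): array
{
    $set = $params = [];
    foreach ($form as $column => $value) {
        $set[]    = "$column = ?";
        $params[] = $value;
    }
    $params[] = $userId;
    return ['UPDATE users SET ' . implode(', ', $set) . ' WHERE id = ?', $params];
}

// Hardened: only columns on the allow-list may be touched. Unknown keys are
// dropped (a good place to log a tampering attempt), and only allow-listed
// names ever reach the SQL text. Values still go through placeholders.
function buildUpdateFromAllowedFields(array $form, int $userId, array $allowed): array
{
    $set = $params = [];
    foreach ($form as $column => $value) {
        if (!in_array($column, $allowed, true)) {
            continue; // admin, paid_until, balance, ... are silently ignored
        }
        $set[]    = "$column = ?";
        $params[] = $value;
    }
    if ($set === []) {
        // Edge case: nothing updatable was submitted; refuse rather than
        // emit "UPDATE users SET  WHERE id = ?".
        throw new InvalidArgumentException('no updatable fields submitted');
    }
    $params[] = $userId;
    return ['UPDATE users SET ' . implode(', ', $set) . ' WHERE id = ?', $params];
}

[$badSql, $badParams]   = buildUpdateFromAllFields($post, 42);
[$goodSql, $goodParams] = buildUpdateFromAllowedFields($post, 42, ['email', 'password']);
echo $badSql, "\n";   // admin, paid_until and balance all appear in SET
echo $goodSql, "\n";  // only email appears in SET
// Either statement would then be run as: $pdo->prepare($sql)->execute($params);
```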
