On Sun, Oct 27, 2002 at 11:18:28PM -0700, Dan Tappin wrote:
> What do you mean by "SQL injection"...?

        Well, to use your example of updating a user record, what if they
added form variables?


        Of course, not all will be applicable, but there's almost certainly
fields in your tables you don't want the entire world editing.

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to