On Sun, Oct 27, 2002 at 11:18:28PM -0700, Dan Tappin wrote:
> What do you mean by "SQL injection"...?

Well, to use your example of updating a user record, what if they added form variables?

+admin=1
+paid_until=2102
+balance=1000000000

Of course, not all will be applicable, but there are almost certainly fields in your tables you don't want the entire world editing.
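
Added example, not part of the original message or of any project's code: one way to keep extra form variables such as admin, paid_until and balance out of an UPDATE is to build the statement only from an allow-list of editable columns. The users table, the column names in EDITABLE_COLUMNS and the function build_user_update() are assumptions made for illustration.

```php
<?php
// Columns a user may change on their own record (hypothetical schema).
const EDITABLE_COLUMNS = ['name', 'email', 'phone'];

/**
 * Build a parameterized UPDATE from submitted form data, keeping only
 * allow-listed columns. Returns [sql or null, bound params, rejected fields].
 */
function build_user_update(array $form, int $userId): array
{
    $sets = [];
    $params = [':id' => $userId];
    $rejected = [];
    foreach ($form as $field => $value) {
        // Strict comparison: unknown or numeric keys never match a column name.
        if (!in_array($field, EDITABLE_COLUMNS, true)) {
            $rejected[] = $field;   // worth logging: the real form never sends these
            continue;
        }
        if (!is_string($value)) {   // e.g. name[]=x arrives as an array
            $rejected[] = $field;
            continue;
        }
        // $field is one of our own constants here, so it is safe to interpolate;
        // the submitted value only ever travels as a bound parameter.
        $sets[] = "$field = :$field";
        $params[":$field"] = $value;
    }
    if ($sets === []) {
        return [null, [], $rejected];   // nothing editable was submitted
    }
    $sql = 'UPDATE users SET ' . implode(', ', $sets) . ' WHERE id = :id';
    return [$sql, $params, $rejected];
}

// Constructed request: two legitimate fields plus the extra ones from the message.
$form = [
    'name' => 'Example User', 'email' => 'user@example.com',
    'admin' => '1', 'paid_until' => '2102', 'balance' => '1000000000',
];
[$sql, $params, $rejected] = build_user_update($form, 42);
echo $sql, "\n";
echo 'rejected: ', implode(', ', $rejected), "\n";
```

The returned SQL and parameters are meant to be passed to a prepared statement (for example PDO::prepare() followed by execute()), and the user id should come from the server-side session rather than from the form.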