Lets say you have a statement like:
$query = "SELECT * FROM mytable WHERE firstname=$firstname";

And if $firstname is set to:
  "xyz"; DELETE FROM mytable

Then this is executed as:  SELECT* FROM mytable WHERE firstname="xyz";DELETE
FROM mytable

This can wipe out your table...a bad thing...

Ah! But only if the database user has permissions for DELETE. That is why
security must be carefully thought out, because there are so many levels for
it to be implemented on.

This has been a great thread, lots of useful information.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to