> Also, please note that if you're using MySQL you don't have to bother at all security-wise - MySQL won't accept more than one query per mysql_query(). You do have to bother about regular errors though - if $f_namn or $email contain quotes (which $email might well contain) then you're going to end up with a database ERROR - but no harm done.

Why would you say that? While technically true that only one query can be executed per mysql_query(), you still have to worry about SQL Injection. Yes, they can't inject their own SQL queries, but they could affect the ones you issue. They could add an "OR 1" onto a select, causing it to return all rows from a table and possibly let them view data they shouldn't. Or, they can do the same thing on an UPDATE and provide their own values. It's still something to be aware of and program against.

---John W. Holmes...

--
PHP General Mailing List (http://www.php.net/)
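
The point made in the reply above, as an added example that is not part of the original message: a one-statement-per-call limit blocks stacked queries but not changes to the query you issue yourself. It assumes Python's `sqlite3` as an offline stand-in for MySQL (its `execute()` also accepts only one statement per call); the `users` table, its rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample table; column names follow the thread's variables."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, f_namn TEXT, email TEXT)")
    db.executemany("INSERT INTO users (f_namn, email) VALUES (?, ?)",
                   [("Anna", "anna@example.com"),
                    ("Bo", "bo@example.com"),
                    ("Cia", "cia@example.com")])
    return db

def stacked_rejected(db):
    """A second statement in the same call is refused by the driver."""
    try:
        db.execute("SELECT 1; DELETE FROM users")
    except (sqlite3.Warning, sqlite3.Error):
        return True
    return False

def select_concat(db, email):
    # Vulnerable: the input becomes part of the SQL text of the single query.
    sql = "SELECT f_namn FROM users WHERE email = '" + email + "'"
    return db.execute(sql).fetchall()

def select_bound(db, email):
    # Hardened: the input is bound as a value and is never parsed as SQL.
    return db.execute("SELECT f_namn FROM users WHERE email = ?", (email,)).fetchall()

def update_concat(db, user_id, f_namn):
    # Vulnerable: "1 OR 1" as user_id widens the WHERE clause to every row.
    sql = "UPDATE users SET f_namn = '" + f_namn + "' WHERE id = " + str(user_id)
    return db.execute(sql).rowcount

def update_bound(db, user_id, f_namn):
    # Hardened: "1 OR 1" is compared as a literal value and matches nothing.
    sql = "UPDATE users SET f_namn = ? WHERE id = ?"
    return db.execute(sql, (f_namn, user_id)).rowcount

if __name__ == "__main__":
    db = make_db()
    print("stacked query rejected:", stacked_rejected(db))
    print("concat select rows:", len(select_concat(db, "x' OR '1'='1")))
    print("bound select rows: ", len(select_bound(db, "x' OR '1'='1")))
    print("bound update rows: ", update_bound(db, "1 OR 1", "X"))
    print("concat update rows:", update_concat(db, "1 OR 1", "X"))
```

Bound parameters also remove the quoting errors mentioned in the quoted message, since a quote inside `$email` is then just data.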