On Thu, Jun 08, 2006 at 11:25:08AM -0400, Chris Morgan wrote:
> $sQuery = "Select versionId from appVersion where
> appId='".$_REQUEST['appId']."';";
>
> Who's '' around $_REQUEST should prevent the string from being interpreted as
> anything but a single value passed as the value of appId.

with appId="' or 1=1;'"?

-- 
cu
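
The difference between quoting the value and binding it, as an added example that is not part of the original thread. It assumes PDO with the SQLite driver; the table rows and the helpers `buildConcatenated` and `versionsBound` are constructed for illustration.

```php
<?php
// Assumption: PDO with the SQLite driver; the rows below are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE appVersion (versionId INTEGER, appId TEXT)");
$db->exec("INSERT INTO appVersion VALUES (10, '1'), (11, '1'), (20, '2')");

// Hypothetical helper: builds the statement text the way the quoted code does.
function buildConcatenated(string $appId): string {
    return "Select versionId from appVersion where appId='" . $appId . "';";
}

// Hypothetical helper: the same lookup with the value bound as a parameter,
// so it reaches the database as data and is never parsed as SQL text.
function versionsBound(PDO $db, string $appId): array {
    $stmt = $db->prepare("SELECT versionId FROM appVersion WHERE appId = :appId");
    $stmt->execute([':appId' => $appId]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$inputs = ["1", "' or 1=1;'"];   // an ordinary id, and the value from the reply

foreach ($inputs as $appId) {
    $sQuery = buildConcatenated($appId);
    echo "input:        $appId\n";
    echo "concatenated: $sQuery\n";
    try {
        // The quote inside the input closes the literal early. The driver then
        // either runs "appId='' or 1=1" (every row matches) or rejects the
        // leftover text after the ';'. Both outcomes mean the input was parsed
        // as SQL instead of being compared as one value.
        $rows = $db->query($sQuery)->fetchAll(PDO::FETCH_COLUMN);
        echo "  rows: " . json_encode($rows) . "\n";
    } catch (PDOException $e) {
        echo "  error: " . $e->getMessage() . "\n";
    }
    echo "bound rows:   " . json_encode(versionsBound($db, $appId)) . "\n\n";
}
```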