On Wed, 1 Sep 2004 15:42:16 -0500, Dave Kettmann <[EMAIL PROTECTED]> wrote:
> First off, Thanks to Jenda and Wiggins for their quick response. I have found the
> answer to my question in Jenda's help (the missing "'"'s)
>
I strongly suggest you take Jenda's advice about using placeholders instead. Say the value for $user is:

' OR user_name LIKE '%'--

My SQL may be a little off, but in general, this or something like it could then change your delete statement to delete everything from your table. Even if only a few people are accessing it, there is always the possibility that one of them will enter a single quote into the text box and cause unexpected behavior.

I'll stop my rant here. Use this information as you wish.

-David
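
The difference described in the message above, as an added example that is not part of the original thread: the same DELETE run once with $user interpolated into the SQL string and once with a DBI placeholder. The "users" table, its rows and the in-memory SQLite database (DBD::SQLite) are assumptions for illustration; only $user and user_name come from the message.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed; the "users" table is hypothetical.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, AutoCommit => 1 });

# Rebuild a small constructed table so each run starts from the same rows.
sub reset_table {
    $dbh->do("DROP TABLE IF EXISTS users");
    $dbh->do("CREATE TABLE users (user_name TEXT)");
    $dbh->do("INSERT INTO users (user_name) VALUES (?)", undef, $_)
        for ('alice', 'bob', 'carol');
}

# Number of rows currently in the table.
sub row_count {
    my ($n) = $dbh->selectrow_array("SELECT COUNT(*) FROM users");
    return $n;
}

# The value from the message above, as it would arrive from a text box.
my $user = q{' OR user_name LIKE '%'--};

# 1. Interpolated: the quote in $user ends the string literal early and the
#    rest is parsed as SQL, so the WHERE clause matches every row.
reset_table();
$dbh->do("DELETE FROM users WHERE user_name = '$user'");
printf "interpolated: %d rows left\n", row_count();

# 2. Placeholder: the driver binds $user as data, so it is only compared
#    against user_name and matches no row.
reset_table();
my $deleted = $dbh->do("DELETE FROM users WHERE user_name = ?", undef, $user);
printf "placeholder:  %d rows left (%d deleted)\n", row_count(), $deleted;

$dbh->disconnect;
```

With the placeholder, do() returns "0E0" (zero rows affected, but true), which is why the deleted count prints as 0 rather than raising an error.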