> that's the point. if the cracker can change only the end of
> the query, it's not so useful for him (at most he can get another id)

How about a form of DoS: '...where id = '.$id with $id = '23129 or 1'. This will select all entries in the table, which could result in DoS...

So, ultimately this problem is the coder's responsibility.

Cheerio,
Marc.

-- 
PHP Internals - PHP Runtime Development Mailing List
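
The case raised in this message, as an added example that is not part of the original post: the concatenated query beside a coder-side fix that validates the id and binds it as a parameter. It assumes PHP with the pdo_sqlite extension; the `entries` table, its rows and the function names are constructed for illustration.

```php
<?php
// Constructed sample data in an in-memory SQLite database (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE entries (id INTEGER PRIMARY KEY, body TEXT)');
$ins = $db->prepare('INSERT INTO entries (id, body) VALUES (?, ?)');
foreach ([23127, 23128, 23129, 23130] as $n) {
    $ins->execute([$n, "entry $n"]);
}

// Concatenated form from the message: the input becomes part of the WHERE
// clause, so "id = 23129 or 1" is true for every row in the table.
function fetch_concatenated(PDO $db, string $id): array
{
    $sql = 'SELECT id FROM entries WHERE id = ' . $id;
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Coder-side fix: reject anything that is not an integer, then pass the value
// as a bound parameter so it can never alter the shape of the query.
function fetch_safe(PDO $db, string $id): array
{
    $n = filter_var($id, FILTER_VALIDATE_INT);
    if ($n === false) {
        return [];   // not an id at all; no query is run
    }
    $st = $db->prepare('SELECT id FROM entries WHERE id = :id');
    $st->bindValue(':id', $n, PDO::PARAM_INT);
    $st->execute();
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

$hostile = '23129 or 1';   // the value given in the message
$normal  = '23129';

printf("concatenated, hostile id: %d rows\n", count(fetch_concatenated($db, $hostile)));
printf("safe, hostile id:         %d rows\n", count(fetch_safe($db, $hostile)));
printf("safe, normal id:          %d rows\n", count(fetch_safe($db, $normal)));
```

On a large table the difference is between returning one row and scanning and returning all of them, which is the load the message describes.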