[snip] Can someone help me understand how people are able to use SQL maliciously if you don't protect against it in PHP? [/snip]
This is a complex subject, but let us say that you didn't do checking at all; someone might be able to pass a delete statement in a form box like "DELETE FROM `table` WHERE '1' = '1'". Since this statement returns TRUE, the table would be emptied. There are many ways to combat SQL injections, the most basic of which have to do with things like GRANTS, query verification, data verification, etc.

Read on ... http://www.google.com/search?hl=en&ie=UTF-8&q=SQL+injection

--
PHP General Mailing List (http://www.php.net/)
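The failure described in the reply above, shown next to one common fix (a bound parameter), as an added example that is not part of the original message. The `notes` table, the function names and the form value are hypothetical, and the script assumes the pdo_sqlite extension so it can run against an in-memory database.

```php
<?php
// Added example: table, column and function names are hypothetical.
// Requires the pdo_sqlite extension; the database lives in memory only.

function freshDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)');
    $db->exec("INSERT INTO notes (owner, body) VALUES
        ('alice', 'a1'), ('alice', 'a2'), ('bob', 'b1'), ('carol', 'c1')");
    return $db;
}

function remaining(PDO $db): int {
    return (int) $db->query('SELECT COUNT(*) FROM notes')->fetchColumn();
}

// Unsafe: the form value is pasted into the SQL text, so quotes inside it
// are parsed as SQL syntax rather than as data.
function deleteNotesUnsafe(PDO $db, string $owner): int {
    return $db->exec("DELETE FROM notes WHERE owner = '$owner'");
}

// Safe: the statement text is fixed; the value travels as a bound parameter
// and is only ever compared against the owner column.
function deleteNotesSafe(PDO $db, string $owner): int {
    $stmt = $db->prepare('DELETE FROM notes WHERE owner = :owner');
    $stmt->execute([':owner' => $owner]);
    return $stmt->rowCount();
}

// Constructed form input: its quote closes the string literal early and
// appends the always-true comparison '1' = '1' from the reply above.
$formValue = "alice' OR '1' = '1";

$db = freshDb();
printf("unsafe: deleted %d, remaining %d\n",
    deleteNotesUnsafe($db, $formValue), remaining($db));

$db = freshDb();
printf("safe:   deleted %d, remaining %d\n",
    deleteNotesSafe($db, $formValue), remaining($db));

$db = freshDb();
printf("safe, ordinary input: deleted %d, remaining %d\n",
    deleteNotesSafe($db, 'alice'), remaining($db));
```

With the concatenated query the WHERE clause becomes true for every row, so the whole table is emptied; with the bound parameter the same input matches no owner and nothing is deleted.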