itoctopus wrote:

>Since you're new to this, always be sure to clean up the output you get from
>$_GET or $_POST to avoid sql injection.
>
>For example: $search_value = htmlentities($_GET['search_value'],
>ENT_QUOTES);
>If you're casting to something other than a string (such as int) then you're
>safe and you don't have to use htmlentities.
>
Good call. One better is prepared statements. Avoid the problem
altogether.

Travis Doherty
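To show the difference between the two approaches discussed above, here is an added example (not code from either poster). It assumes PDO with the SQLite driver is available; the table, rows and the stand-in for $_GET are constructed inline.

```php
<?php
// Added example: htmlentities() versus a prepared statement when the search
// term itself contains a quote. Assumes PDO with the SQLite driver.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('Alice'), ('O''Brien')");

// Constructed stand-in for $_GET['search_value'] and $_GET['id'].
$get = ['search_value' => "O'Brien", 'id' => '2abc'];

// Approach from the quoted message: HTML-encode the value, then splice it
// into the SQL string. ENT_QUOTES rewrites the apostrophe as an HTML entity,
// so the string literal is not broken, but the query now looks for a name
// that was never stored: HTML output encoding is the wrong tool for SQL and
// silently mangles legitimate data.
$encoded = htmlentities($get['search_value'], ENT_QUOTES);
$sql = "SELECT name FROM users WHERE name = '$encoded'";
$viaHtmlentities = $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
var_dump($viaHtmlentities); // the real O'Brien row is not found

// Prepared statement (Travis's suggestion): the value travels separately
// from the SQL text, so a quote inside it is data, never syntax, and the
// stored name matches exactly.
$stmt = $db->prepare("SELECT name FROM users WHERE name = :name");
$stmt->execute([':name' => $get['search_value']]);
var_dump($stmt->fetchAll(PDO::FETCH_COLUMN));

// Integer cast, as the quoted message notes: (int) keeps only the numeric
// prefix of '2abc', so nothing but a number reaches the id comparison.
// Binding it as PDO::PARAM_INT keeps the query consistent with the rest.
$id = (int) $get['id'];
$stmt = $db->prepare("SELECT name FROM users WHERE id = :id");
$stmt->bindValue(':id', $id, PDO::PARAM_INT);
$stmt->execute();
var_dump($stmt->fetchColumn());
```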

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
