Rick Emery wrote:
> You can still use extract($_POST).
> It is as safe/vulnerable as $_POST['isAdmin'].
>
> In either case, use only variables that you know are yours and be certain
> these contain values which you believe to be safe. For instance, if you expect
> a variable called $firstname to contain a name to be stored in a SQL database,
> be certain it does not contain SQL commands which can damage your database.
>

Okay, I know I can use strip_tags() and/or htmlspecialchars() to strip out or modify HTML and PHP code in a string, but how does one do the same with MySQL code in a string to prevent tampering?

Monty

--
PHP General Mailing List (http://www.php.net/)
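
Added example, not part of the original thread or written by either poster: one way to handle the two points raised above, copying only expected form fields instead of calling extract($_POST), and passing $firstname to the database through a PDO prepared statement so it is never parsed as SQL. The table, column and helper names are hypothetical, the request data is constructed, and an in-memory SQLite database (pdo_sqlite extension assumed) stands in for MySQL.

```php
<?php
// Constructed request data standing in for a submitted form.
$_POST = [
    'firstname' => "Robert'); DROP TABLE users; --",
    'isAdmin'   => '1',   // a field the form never offered
];

// Hypothetical helper: copy only the fields this script expects, instead of
// extract($_POST), so an unexpected key such as isAdmin never becomes a
// local variable.
function pick_fields(array $input, array $allowed): array
{
    $clean = [];
    foreach ($allowed as $name) {
        $value = $input[$name] ?? '';
        // Reject arrays (e.g. firstname[]=x) and trim surrounding whitespace.
        $clean[$name] = is_string($value) ? trim($value) : '';
    }
    return $clean;
}

$isAdmin = false;   // decided by server-side logic only, never by the request
$fields  = pick_fields($_POST, ['firstname']);

// In-memory SQLite keeps the example self-contained; the same PDO calls
// work with the MySQL driver.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, firstname TEXT)');

// The placeholder sends the value separately from the SQL text, so quotes
// and semicolons inside it are stored as data and never executed.
$stmt = $db->prepare('INSERT INTO users (firstname) VALUES (:firstname)');
$stmt->execute([':firstname' => $fields['firstname']]);

$stored = $db->query('SELECT firstname FROM users')->fetchColumn();
$rows   = (int) $db->query('SELECT COUNT(*) FROM users')->fetchColumn();

// Report whether the privilege flag was left alone, whether the value
// round-tripped unchanged, and how many rows the table now holds.
var_dump($isAdmin, $stored === $fields['firstname'], $rows);

// htmlspecialchars() belongs at output time, when the value goes into HTML;
// it does nothing to protect the SQL statement.
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";
```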