Since day one of me doing MySQL stuff in PHP, I've always set up my query as a variable then put it into the query function such as this:

    $query = "SELECT * FROM bobstuff WHERE id='1'";
    $result = mysql_query($query, $connection);

I've just become aware of the security risks of this. How could I make it so the $query variable isn't editable from the URL? Should I turn register_globals off?

"Life is a gift from God. Wasting it is like destroying a gift you got from
the person you love most." -- http://www.melchior.us
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
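
An added illustration of the behaviour the question asks about, not part of the original post: register_globals copied request parameters into variables before the script's first line ran, so the exposure depends on whether the script assigns $query itself. Here extract() stands in for register_globals=On; the function names, the $loggedIn flag and the sample query string are assumptions made for the example.

```php
<?php
// The query string below is constructed sample input, i.e. what a request
// for page.php?query=SELECT+*+FROM+othertable would carry.
parse_str('query=SELECT+*+FROM+othertable', $request);

// Pattern from the post: $query is assigned unconditionally.
function assigned_query(array $request): string
{
    extract($request);   // stand-in for register_globals: the URL sets $query first
    $query = "SELECT * FROM bobstuff WHERE id='1'";   // the script then replaces it
    return $query;
}

// Hypothetical risky variant: $query is only assigned on one branch, so on
// the other branch the URL-supplied string is what would reach mysql_query().
function conditional_query(array $request, bool $loggedIn): string
{
    extract($request);
    if ($loggedIn) {
        $query = "SELECT * FROM bobstuff WHERE id='1'";
    }
    return isset($query) ? $query : '';
}

// register_globals off: request data is reachable only through $_GET, and
// every variable the script uses is initialised before it is read.
function globals_off_query(array $request, bool $loggedIn): string
{
    $query = '';
    if ($loggedIn) {
        $query = "SELECT * FROM bobstuff WHERE id='1'";
    }
    return $query;
}

var_dump(assigned_query($request));
var_dump(conditional_query($request, false));
var_dump(globals_off_query($request, false));
```

The three dumps let you compare which value ends up in $query in each case; only the variant that leaves $query unassigned on one branch returns the string taken from the URL.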