Posted by Peter Fox on 02/24/06 14:24

Following on from Mark's message. . .
>relevant code:
>
>// submit comment
>if( $name && $comment )
>{
> $query = "INSERT INTO comments (name,email,comment,id) VALUES
>('$name','$email','$comment',$id)";
> mysql_query($query,$db);

You /have/ taken precautions to avoid SQL injection?

--
PETER FOX Not the same since the cardboard box company folded
peterfox@eminent.demon.co.uk.not.this.bit.no.html
2 Tees Close, Witham, Essex.
Gravity beer in Essex <http://www.eminent.demon.co.uk>

• Next in forum: Re: Weird query results / <title> issues
• Prev in forum: Re: Sign-in Link to Database?
• Thread view: Re: refresh causes double post

[Reply to this message]