Posted by Starbuck on 05/05/06 03:13
"ED" wrote:
> Hi Starbuck,
> Just as an aside, the line:
> mysql_query("INSERT INTO table VALUES($firstname, $lastname)");
> leaves you wide open to SQL injection attacks.
>
> You need to safely escape the values before inserting into the DB, look at
> mysql_real_escape_string() or mysql_escape_string() depending on the
> version of PHP you are using.
>
> cheers,
> ED
Hi Ed.
Yeah, I haven't really looked into the best ways to write data back into the
database yet. I'll definitely look into it. Thanks for your advice.
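
An added example, not part of the thread or either poster's code: the concatenated INSERT from ED's reply next to an escaped and a bound-parameter version. It assumes PHP with the PDO SQLite driver so that it runs without a server; the in-memory database stands in for MySQL, and the table name `people` and the sample values are constructed.

```php
<?php
// Added example. Assumptions: PDO with the SQLite driver stands in for the
// MySQL connection in the thread; the table name "people" is hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (firstname TEXT, lastname TEXT)');

// Constructed sample input: an ordinary surname that contains a quote.
$firstname = 'Conan';
$lastname  = "O'Brien";

// 1. Concatenation, as in the quoted line (with quotes added around the
//    values). The quote inside the data ends the SQL string literal early,
//    so the shape of the statement now depends on user input.
$concatenated = "INSERT INTO people VALUES('$firstname', '$lastname')";
try {
    $db->exec($concatenated);
    $concatResult = 'executed';
} catch (PDOException $e) {
    $concatResult = 'rejected: ' . $e->getMessage();
}

// 2. Escaping. PDO::quote() plays the role that mysql_real_escape_string()
//    plays for the mysql_* functions, and also adds the surrounding quotes,
//    which escaping alone does not do.
$escaped = 'INSERT INTO people VALUES('
    . $db->quote($firstname) . ', ' . $db->quote($lastname) . ')';
$db->exec($escaped);

// 3. Bound parameters. The values travel separately from the SQL text,
//    so no escaping step can be forgotten.
$stmt = $db->prepare('INSERT INTO people VALUES(?, ?)');
$stmt->execute([$firstname, $lastname]);

echo "concatenated query: $concatenated\n";
echo "concatenated result: $concatResult\n";
echo "escaped query: $escaped\n";
foreach ($db->query('SELECT firstname, lastname FROM people') as $row) {
    echo "stored: {$row['firstname']} {$row['lastname']}\n";
}
```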