Posted by Alvaro G. Vicario on 12/17/25 11:56

*** Bart escribió/wrote (23 Aug 2006 14:19:47 -0700):
> $addentry = "insert into
> ipsheet(ipaddress,name,nat,pingresponse,dnsresolution,location,comments,sm,vlan,macaddress)
> values
> ('$_POST[ipaddress]','$POST[name]','$POST[nat]','$_POST[pingresponse]','$_POST[dnsresolution]','$_POST[location]','$_POST[comments]','$_POST[sm]','$_POST[vlan]','$_POST[macaddress]')";
> $rs = mysql_query($addentry);

Find some reading about SQL Injection. Wikipedia article is quite
interesting.

Short answers: mysql_escape_string()



--
-+ http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
++ Mi sitio sobre programación web: http://bits.demogracia.com
+- Mi web de humor con rayos UVA: http://www.demogracia.com
--

[Back to original message]