Re: Display selected record that has been passed to URL
comp.lang.php archive


From: Adam Plocher <aplocher@gmail.com>
Date: Sat Mar 11 2006 - 00:49:32 CET

Ren, I have written up an article on SQL Injections that you might want
to look at, too. A SQL Injection is caused when an end-user modifies
your input value and adds their own SQL to it (which could result in a
deleted DB table or worse). For this particular example you could do
something simple like

if (!is_numeric($RID))
{
    die("Invalid Input");
}

More information is here:
http://www.digitalpropulsion.org/blog/Programming/SQL_Injections_in_PHP_with_MySQL
Received on Mon May 1 02:31:02 2006
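
The check suggested in the post above, carried one step further as an added example (not part of the original post or the linked article): a stricter integer test for the RID value plus a bound query parameter. The records table, its columns, the helper names and the in-memory SQLite database standing in for MySQL are all assumptions made so the script runs on its own.

```php
<?php
// Added example, not from the original post. Table and column names are
// hypothetical; in-memory SQLite stands in for MySQL so this runs offline.

// Accept only a plain positive decimal integer. is_numeric() also accepts
// values such as "1e3", "0.5" or "-7", which are numeric but not record ids.
function parse_record_id(string $raw): ?int
{
    if (preg_match('/\A[1-9][0-9]{0,8}\z/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

// Look the record up with a bound parameter, so the value is passed
// separately from the SQL text and cannot change the statement.
function fetch_record(PDO $db, int $rid): ?array
{
    $stmt = $db->prepare('SELECT rid, title FROM records WHERE rid = :rid');
    $stmt->bindValue(':rid', $rid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE records (rid INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO records (rid, title) VALUES (1, 'first'), (2, 'second')");

// Constructed sample values for the RID URL parameter.
$samples = ['2', '7', '1e3', '0.5', '-7', '2 OR 1=1', ''];

foreach ($samples as $raw) {
    $label = var_export($raw, true);
    $rid = parse_record_id($raw);
    if ($rid === null) {
        // Show where is_numeric() alone would have let the value through.
        printf("%-12s rejected (is_numeric: %s)\n", $label, var_export(is_numeric($raw), true));
        continue;
    }
    $row = fetch_record($db, $rid);
    printf("%-12s %s\n", $label, $row === null ? 'no such record' : 'found: ' . $row['title']);
}
```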