Quote:
Originally Posted by d-null
what are the most common injection hack vulnerabilities that a simple script like this might inadvertently run into in the wrong hands? what should be done as basic protection?

The 'mysql_escape_string' part should take care of that. It will escape the common characters people use to sql inject.
Now when people want to correctly use ' or " in the form you're going to run into another problem.
Quote:
You\'re text is going to look something like \\"this\\"
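Added example, not part of the original post: a PHP sketch of how the stray backslashes in the quoted text can arise when input is escaped twice, next to a bound-parameter insert that needs no manual escaping. It goes beyond the thread by using PDO. It assumes the `pdo_sqlite` extension, uses `addslashes()` as a stand-in for both `magic_quotes_gpc` and `mysql_escape_string` (both removed from current PHP), and the table name and sample text are constructed.

```php
<?php
// Constructed sample: what a visitor types into the form.
$typed = 'You\'re text is going to look like "this"';

// Assumption: magic_quotes_gpc is on, so PHP has already escaped the
// value before the script sees it. addslashes() stands in for that.
$received = addslashes($typed);

// The script then escapes again before building the query.
// addslashes() stands in for mysql_escape_string() here.
$escapedAgain = addslashes($received);

// The SQL parser removes one layer of escaping when it reads the
// string literal; stripslashes() simulates that step.
$stored = stripslashes($escapedAgain);

echo "typed : $typed\n";
echo "stored: $stored\n";   // one layer of backslashes is left in the data

// Bound parameters: the value travels separately from the SQL text,
// so it is neither interpreted as SQL nor altered by escaping.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (body TEXT)');   // hypothetical table

$stmt = $db->prepare('INSERT INTO comments (body) VALUES (?)');
$stmt->execute([$typed]);

// A classic injection string is stored as plain data as well.
$stmt->execute(["x'); DROP TABLE comments; --"]);

foreach ($db->query('SELECT body FROM comments') as $row) {
    // Escape for HTML only at output time, not before storage.
    echo 'row   : ' . htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8') . "\n";
}

// The table still exists and holds both rows.
echo 'count : ' . $db->query('SELECT COUNT(*) FROM comments')->fetchColumn() . "\n";
```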