Thread: PHP and MySQL Pagination
View Single Post
Old 11-02-2011, 05:28 PM  
BestXXXPorn
Confirmed User
 
BestXXXPorn's Avatar
 
Join Date: Jun 2009
Location: Asheville, NC
Posts: 2,277
Quote:
Originally Posted by KlenTelaris View Post
You mean something like this ?
PHP Code:
$sql "UPDATE table SET column='$_POST[bla]'"
Yes, do not ever do that :P Imagine if the value of $_POST['bla'] was something like...

'; DROP DATABASE 'XXXXX

Byebye data... SQL injection FTL.

Check out http://us.php.net/manual/en/mysqli.r...ape-string.php
__________________
ICQ: 258-202-811 | Email: eric{at}bestxxxporn.com
BestXXXPorn is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote