Quote:
Originally Posted by BestXXXPorn
All these people offering advice and nobody points out to you that you have a giant gaping massive security hole... never, Never, NEVER use GET or POST variables right in a fucking SQL statement...
Yeah, I was pretty shocked too.
Code:
// Escape the raw GET value before it reaches the SQL string
$page = mysql_escape_string($_GET['page']);
In fact, I'd probably even set it as an INT as well.
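To make the two suggestions in this reply concrete, here is an added example (not code from either poster) that puts the unsafe pattern the quote warns about beside a hardened version that validates the value as an integer and binds it as a query parameter. It uses an in-memory SQLite database through PDO so it runs offline; the `pages` table, its columns and the sample rows are assumptions for illustration.

```php
<?php
// Added example: request value concatenated into SQL versus validated + bound.
// Uses PDO with in-memory SQLite so it runs with no server; table layout is assumed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO pages (id, title) VALUES (1, 'Home'), (2, 'About'), (3, 'Contact')");

// The pattern the quoted post objects to: whatever the client sends in ?page=
// becomes part of the statement text, so the client can change the WHERE clause.
function fetchPageUnsafe(PDO $db, array $get): array
{
    $sql = 'SELECT id, title FROM pages WHERE id = ' . ($get['page'] ?? '');
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the "set it as an INT" idea, done by validating the value as a
// positive integer and then binding it as a typed parameter. The value is never
// spliced into the SQL string, so escaping is not needed at all.
function fetchPageSafe(PDO $db, array $get): ?array
{
    $id = filter_var(
        $get['page'] ?? '',
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        return null; // not a valid page id: refuse rather than guess
    }
    $stmt = $db->prepare('SELECT id, title FROM pages WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed request values: a normal one and one with extra SQL appended.
$normal   = ['page' => '2'];
$tampered = ['page' => '2 OR 1=1'];

// Unsafe: the tampered value rewrites the WHERE clause and returns every page.
var_dump(fetchPageUnsafe($db, $normal));
var_dump(fetchPageUnsafe($db, $tampered));

// Safe: the normal value returns one row; the tampered value is rejected by
// FILTER_VALIDATE_INT before any SQL is built.
var_dump(fetchPageSafe($db, $normal));
var_dump(fetchPageSafe($db, $tampered));
```

Two notes on the reply's own snippet: `mysql_escape_string()` belongs to the old `mysql_*` extension, which was removed in PHP 7, so the validate-and-bind approach above is the portable replacement; and escaping only protects quoted string contexts, whereas `WHERE id = $page` is unquoted, which is exactly why casting or validating the value as an integer matters for a numeric column.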