CodingForums.com - View Single Post

Stooshie · 01-28-2011, 12:29 PM

Thanks for that. The only thing I would say is that your code could be open to SQL injection attacks since you are effectively concatenating the user input into the query. Using params for DB interaction may be better. (See the PEAR adodb extension).

01-28-2011, 12:29 PM	PM User \| #2
Stooshie Regular Coder Join Date: Mar 2008 Location: Dundee, Scotland Posts: 376 Thanks: 9 Thanked 39 Times in 39 Posts	Thanks for that. The only thing I would say is that your code could be open to SQL injection attacks since you are effectively concatenating the user input into the query. Using params for DB interaction may be better. (See the PEAR adodb extension). __________________ Regards, Stooshie O