[nycphp-talk] PHP Error - Need Help Debugging
Chris Shiflett
shiflett at php.net
Wed Apr 12 22:53:48 EDT 2006
IAlsoAgree at stny.rr.com wrote:
> $checkreplies = "SELECT posts.postid, posts.subject, posts.body,
> posts.created, users.userid, users.username, users.aim, users.created,
> users.admin FROM posts, users WHERE posts.postid = \"$_GET[id]\" AND
> posts.userid = users.userid AND posts.replyto = $_GET[postid] LIMIT
> ".($pagecount-1)*10-1.", 10";
It sounds like you've fixed your immediate problem, but I'd like to
stress the risk in letting a user modify your SQL query like this. Every
time you use $_GET['id'] or $_GET['postid'], it's like handing over your
keyboard to the user - you never know what he will type.
Chris
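To make Chris's point concrete, here is an added example (not code from the thread, and not PHP: it is a Python/sqlite3 reconstruction of the quoted query) that builds the same statement by string interpolation, shows what a crafted `postid` value does to the WHERE clause, and then shows the query rewritten with validated integers and bound parameters. The tables, rows and column set are constructed for the demo and are assumptions; the sample uses single-quoted string literals rather than the original's `\"...\"`, because double quotes are identifiers in standard SQL and in SQLite, and the LIMIT offset is `(pagecount-1)*10` rather than the original's `(pagecount-1)*10-1`, which goes negative for page 1.

```python
import sqlite3


def make_db():
    """Constructed sample data (assumption, not from the thread)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT, admin INTEGER);
        CREATE TABLE posts (postid INTEGER PRIMARY KEY, userid INTEGER,
                            replyto INTEGER, subject TEXT, body TEXT);
        INSERT INTO users VALUES (1, 'alice', 1), (2, 'bob', 0);
        INSERT INTO posts VALUES
            (10, 1, 0,  'root',     'top-level post'),
            (11, 2, 10, 're: root', 'first reply'),
            (12, 1, 10, 're: root', 'second reply'),
            (13, 2, 99, 'other',    'reply in another thread');
        """
    )
    return conn


def check_replies_unsafe(conn, get, pagecount):
    """String-built query in the style of the original: whatever is in
    get['id'] / get['postid'] becomes part of the SQL text."""
    sql = (
        "SELECT posts.postid, posts.subject, users.username "
        "FROM posts, users "
        "WHERE posts.postid = '%s' AND posts.userid = users.userid "
        "AND posts.replyto = %s LIMIT %d, 10"
        % (get["id"], get["postid"], (pagecount - 1) * 10)
    )
    return conn.execute(sql).fetchall()


def check_replies_safe(conn, get, pagecount):
    """Same query, but the request values are validated as integers and
    passed as bound parameters, so they can never alter the SQL text."""
    try:
        post_id = int(get["id"])
        reply_to = int(get["postid"])
    except (KeyError, ValueError, TypeError):
        raise ValueError("id and postid must be integers")
    if pagecount < 1:
        raise ValueError("pagecount must be >= 1")
    sql = (
        "SELECT posts.postid, posts.subject, users.username "
        "FROM posts JOIN users ON posts.userid = users.userid "
        "WHERE posts.postid = ? AND posts.replyto = ? "
        "LIMIT ? OFFSET ?"
    )
    params = (post_id, reply_to, 10, (pagecount - 1) * 10)
    return conn.execute(sql, params).fetchall()


if __name__ == "__main__":
    db = make_db()
    normal = {"id": "11", "postid": "10"}
    # 'postid' is unquoted in the original, so a bare OR rewrites the WHERE:
    #   ... AND posts.replyto = 10 OR 1=1   ->  every row of posts x users
    hostile = {"id": "11", "postid": "10 OR 1=1"}
    print("unsafe, normal input :", check_replies_unsafe(db, normal, 1))
    print("unsafe, hostile input:", len(check_replies_unsafe(db, hostile, 1)), "rows")
    print("safe,   normal input :", check_replies_safe(db, normal, 1))
    try:
        check_replies_safe(db, hostile, 1)
    except ValueError as exc:
        print("safe,   hostile input: rejected ->", exc)
```

The unsafe version with the hostile `postid` returns the whole cross join of posts and users (eight rows here, capped only by the LIMIT), because `OR 1=1` sits outside the AND chain. The safe version never reaches the database with that input: `int()` rejects it, and even a numeric-looking value travels as a bound parameter rather than as SQL text. In the original PHP the equivalent is casting `$_GET['id']` and `$_GET['postid']` with `(int)` or using prepared statements, and computing the LIMIT offset from a checked page number.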