On Fri, Jan 28, 2011 at 09:44:38AM +0100, Peter Bex wrote: > > SELECT * FROM users WHERE name='$name'
<snip> > But when $id is filled in as "x' OR 'a'='a", you get this parse tree: Of course, I meant to say $name here, not $id. Cheers, Peter Bex Solide ICT - http://www.solide-ict.nl _______________________________________________ Dev mailing list [email protected] http://lists.chamilo.org/listinfo/dev
