2009/2/4 Chris Smith <cj...@zepler.net>:
> Brian Chivers wrote:
>> mysql_query(INSERT INTO stream (channel, starttime, title,
>> description, genre, filename) VALUES
>> ('$channel','$starttime','$title','$description','$genre','$filename'));
>>
>
> It sounds like you're not doing any form of input validation; you really
> should, otherwise you leave yourself open to all sorts of nasty attacks.
>
Indeed. http://xkcd.com/327/

Cheers,
Al.

--
Please post to: Hampshire@mailman.lug.org.uk
Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL: http://www.hantslug.org.uk
--------------------------------------------------------------
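
An added example, not part of the original thread: the quoted INSERT built by string interpolation next to a validated, parameterised version. It assumes PDO instead of the old mysql_* functions, an in-memory SQLite database standing in for the poster's MySQL server, and guessed column types; the sample row and the validate() helper are constructed for illustration.

```php
<?php
// Added example: SQLite in memory stands in for the poster's MySQL database,
// and PDO replaces mysql_query(). Column types are assumed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE stream (channel INTEGER, starttime TEXT, title TEXT,
           description TEXT, genre TEXT, filename TEXT)');

// Constructed sample row; the apostrophe in the title is ordinary input.
$row = [
    'channel'     => '4',
    'starttime'   => '2009-02-04 19:30:00',
    'title'       => "Gardeners' Question Time",
    'description' => 'Weekly panel show',
    'genre'       => 'Factual',
    'filename'    => 'gqt-20090204.ts',
];

// 1. String-built statement, as in the quoted post: the apostrophe ends the
//    SQL string literal early, the rest of the title is parsed as SQL, and
//    the statement is rejected. Data and code share one channel here.
$sql = "INSERT INTO stream (channel, starttime, title, description, genre, filename)
        VALUES ('{$row['channel']}','{$row['starttime']}','{$row['title']}',
                '{$row['description']}','{$row['genre']}','{$row['filename']}')";
try {
    $db->exec($sql);
    echo "concatenated: inserted\n";
} catch (PDOException $e) {
    echo "concatenated: rejected by the SQL parser\n";
}

// 2. Validate the fields that have a known shape, then bind every value.
function validate(array $r): array {
    if (!ctype_digit($r['channel'])) {
        throw new InvalidArgumentException('channel must be a number');
    }
    $t = DateTime::createFromFormat('Y-m-d H:i:s', $r['starttime']);
    if ($t === false || $t->format('Y-m-d H:i:s') !== $r['starttime']) {
        throw new InvalidArgumentException('starttime must be YYYY-MM-DD HH:MM:SS');
    }
    return $r;
}

$stmt = $db->prepare('INSERT INTO stream (channel, starttime, title, description, genre, filename)
                      VALUES (:channel, :starttime, :title, :description, :genre, :filename)');
$stmt->execute(validate($row)); // bound values are never parsed as SQL
echo 'stored title: ', $db->query('SELECT title FROM stream')->fetchColumn(), "\n";
```

Validation rejects malformed fields early, but it is the bound parameters that keep free-text values such as the title from being interpreted as SQL.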