On 20/11/14 07:29, Yasuo Ohgaki wrote:
> $id = $_GET['id'];
> pg_query("SELECT * FROM some_table WHERE id = $id;");

Anybody using that method of passing parameters to a database needs much better education. This particular proposal just adds yet another 'how not to' rather than actually fixing the underlying security problems. Tidy up what exists - don't create yet another set of functions that can still be abused.

-- 
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
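
Added example, not part of either message: the quoted interpolation pattern beside the parameterized form that PHP's pgsql extension already provides through pg_query_params(). The helper names unsafe_sql() and safe_query() and the sample inputs are constructed for illustration; the table and column names follow the quoted snippet, and $conn is an assumed open connection.

```php
<?php
// Added example; helper names and inputs are constructed, not from the thread.

// The quoted pattern: request data becomes part of the SQL text itself,
// so whatever the client sends is parsed by the server as SQL.
function unsafe_sql(string $id): string
{
    return "SELECT * FROM some_table WHERE id = $id;";
}

// Hardened form: the SQL text is a constant with a $1 placeholder and the
// value travels separately. Returns [sql, params] for pg_query_params(),
// or null when the input is not an integer at all.
function safe_query($id): ?array
{
    $int = filter_var($id, FILTER_VALIDATE_INT);
    if ($int === false) {
        return null;
    }
    // Single quotes: $1 is a PostgreSQL placeholder, not a PHP variable.
    return ['SELECT * FROM some_table WHERE id = $1', [$int]];
}

// Constructed inputs: one well-formed id, one that carries extra SQL.
foreach (['42', '42 OR 1=1'] as $id) {
    echo "input: $id\n";
    echo "  interpolated:  ", unsafe_sql($id), "\n";

    $q = safe_query($id);
    if ($q === null) {
        echo "  parameterized: rejected before reaching the database\n";
        continue;
    }
    echo "  parameterized: {$q[0]} with params ", json_encode($q[1]), "\n";

    // With a live connection (assumed to exist as $conn):
    // $res = pg_query_params($conn, $q[0], $q[1]);
}
```

The SQL text handed to pg_query_params() is identical for every request, so the input can never change the statement's structure; the integer check is a second layer that rejects malformed ids early.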