Not sure exactly what you mean by a SQL injection attack. I'm thinking a string could be input as opposed to an integer? The form itself constricts the user to a set of choices.
Stuart

--- Harald Fuchs <[EMAIL PROTECTED]> wrote:
> I think this is bad advice, even for a novice like Stuart, because it
> is susceptible to SQL injection attacks. I don't know if PHP has
> prepared statements like Perl DBI; if not, $daterange should either be
> quoted or checked in PHP if it's really a number.

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
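
The two measures named in the quoted reply (checking in PHP that $daterange is really a number, and using a prepared statement) combined in one script, as an added example that is not part of the original thread. The allowed ranges, the orders table and its days_old column are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs on its own; the PDO calls are the same with the MySQL driver.

```php
<?php
// Hypothetical: the day ranges the form's <select> offers.
const ALLOWED_RANGES = [7, 30, 90];

/**
 * Server-side check of the submitted value. Returns the range as an int,
 * or null when the value is not an integer or not one of the form's choices.
 */
function parse_daterange($raw): ?int
{
    // FILTER_VALIDATE_INT rejects "30 OR 1=1", "30abc", arrays and null.
    $n = filter_var($raw, FILTER_VALIDATE_INT);
    if ($n === false || !in_array($n, ALLOWED_RANGES, true)) {
        return null;
    }
    return $n;
}

/**
 * Prepared statement: the value is sent as a bound integer parameter and
 * is never concatenated into the SQL text.
 */
function orders_within(PDO $db, int $days): array
{
    $stmt = $db->prepare('SELECT id FROM orders WHERE days_old <= :days');
    $stmt->bindValue(':days', $days, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// SQLite stand-in for the MySQL connection, with constructed sample rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, days_old INTEGER)');
$db->exec('INSERT INTO orders (days_old) VALUES (3), (20), (200)');

// Constructed inputs: a value the form offers, and two values that only a
// request built outside the form could carry.
foreach (['30', '30 OR 1=1', '45'] as $posted) {
    $days = parse_daterange($posted);
    if ($days === null) {
        echo "rejected: $posted\n";
        continue;
    }
    echo "$posted -> ", count(orders_within($db, $days)), " rows\n";
}
```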