and what if $_GET['id'] is something like
"1; DROP TABLE tb_emails;"
??
SQL injection just waits to happen
I think tha tit will be too much of a hacker effort just to kill a table
of contact emails, and also he will have to guess ( is there other way
? ) the table name, but just to be on a safer side:
- Is there a way to say that id can only be a number ?
something like $id:Number = $_GET['id']?
TIA
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php