> I set up a simple form to save comments on my webpage, and after just one > day of going live, i'm getting weird comments up like this > > declare @q varchar(8000) select @q = > 0x57414954464F522044454C4159202730303A30303A313027 exec(@q) > > > I don't recognise this code - is this an attempt to do something nefarious, > or nothing I should worry about?
Looks like it may be. As long as you escape you SQL correctly using mysql_real_escape_string() or the equivalent, you should be OK. -- Richard Heyes HTML5 Canvas graphing for Firefox, Chrome, Opera and Safari: http://www.rgraph.net (Updated March 28th) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
