Hello, "Rick Emery" <[EMAIL PROTECTED]> wrote:
> Let's say you have a statement like:
> $query = "SELECT * FROM mytable WHERE firstname=$firstname";
>
> And if $firstname is set to:
> "xyz"; DELETE FROM mytable
>
> Then this is executed as: SELECT* FROM mytable WHERE firstname="xyz";DELETE FROM mytable
>
> This can wipe out your table...a bad thing...

Well, one way you can avoid similar things happening is, you can do something like, say, create a user that can only SELECT. If the user can only SELECT then it cannot DELETE.

- E

...[snip]...

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
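The two defences side by side, as an added example that is not part of the original thread: a read-only SQLite connection stands in for the SELECT-only database user (an assumption made so the code runs offline), and a bound parameter shows the concatenation itself being removed. The function names and sample rows are constructed for illustration, and the payload uses single quotes to suit SQLite.

```python
import os
import sqlite3
import tempfile

# Constructed input: the payload from the quoted message, with SQLite-style quotes.
PAYLOAD = "'xyz'; DELETE FROM mytable"

def make_db():
    """Create a throwaway database file holding two constructed rows."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE mytable (firstname TEXT)")
    con.executemany("INSERT INTO mytable VALUES (?)", [("alice",), ("bob",)])
    con.commit()
    con.close()
    return path

def row_count(path):
    con = sqlite3.connect(path)
    n = con.execute("SELECT COUNT(*) FROM mytable").fetchone()[0]
    con.close()
    return n

def run_concatenated(path, firstname, read_only):
    """Build the query by concatenation, as in the quoted message, and run it."""
    mode = "ro" if read_only else "rw"
    con = sqlite3.connect(f"file:{path}?mode={mode}", uri=True)
    try:
        # executescript() accepts several ;-separated statements in one string.
        con.executescript("SELECT * FROM mytable WHERE firstname=" + firstname)
        return "executed"
    except sqlite3.OperationalError as exc:
        return f"blocked: {exc}"  # the write was refused by the read-only handle
    finally:
        con.close()

def run_parameterized(path, firstname):
    """Bind the value: it is compared as data and never parsed as SQL."""
    con = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    try:
        sql = "SELECT * FROM mytable WHERE firstname = ?"
        return con.execute(sql, (firstname,)).fetchall()
    finally:
        con.close()

if __name__ == "__main__":
    db = make_db()
    print(run_concatenated(db, PAYLOAD, read_only=True), row_count(db))
    print(run_parameterized(db, PAYLOAD), row_count(db))
    print(run_concatenated(db, PAYLOAD, read_only=False), row_count(db))
    os.remove(db)
```

The read-only handle limits what the injected statement can do, while the bound parameter stops the input from becoming a statement at all; the two are complementary.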