> Also, please note that if you're using MySQL you don't have to bother
> at all security-wise - MySQL won't accept more than one query per
> mysql_query(). You do have to bother about regular errors though - if
> $f_namn or $email contain quotes (which $email might well contain)
> then you're going to end up with a database ERROR - but no harm done.

Why would you say that? While technically true that only one query can
be executed per mysql_query(), you still have to worry about SQL
Injection. Yes, they can't inject their own SQL queries, but they could
affect the ones you issue. They could add an "OR 1" onto a select,
causing it to return all rows from a table and possibly let them view
data they shouldn't. Or, they can do the same thing on an UPDATE and
provide their own values. It's still something to be aware of and
program against.

---John W. Holmes...

PHP Architect - A monthly magazine for PHP Professionals. Get your copy
today. http://www.phparch.com/
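The point made in the reply above, as an added example that is not part of the original thread: a database that refuses stacked statements still executes whatever the attacker manages to put inside the one statement you send. The script uses Python's sqlite3 module (in memory) as a stand-in for MySQL, since its execute() likewise rejects more than one statement per call; the users table, its rows, and the is_admin column are constructed sample data, and the column names $f_namn and $email are taken from the thread.

```python
"""Added example, not code from the original thread: one SQL statement is
enough for injection. sqlite3 (in memory) stands in for MySQL; like
mysql_query() it refuses stacked statements. Table and rows are
constructed sample data; column names follow the thread ($f_namn, $email).
"""
import sqlite3


def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, f_namn TEXT, "
        "email TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users (f_namn, email, is_admin) VALUES (?, ?, ?)",
        [("anna", "anna@example.com", 0),
         ("bertil", "bertil@example.com", 0),
         ("root", "root@example.com", 1)],
    )
    return conn


def find_by_email_vulnerable(conn, email):
    # String concatenation, the pattern the thread is discussing.
    sql = "SELECT f_namn, email FROM users WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def find_by_email_safe(conn, email):
    # Bound parameter: the value can never become part of the statement.
    sql = "SELECT f_namn, email FROM users WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


def rename_vulnerable(conn, email, new_name):
    sql = ("UPDATE users SET f_namn = '" + new_name
           + "' WHERE email = '" + email + "'")
    conn.execute(sql)
    conn.commit()


def rename_safe(conn, email, new_name):
    conn.execute("UPDATE users SET f_namn = ? WHERE email = ?",
                 (new_name, email))
    conn.commit()


def stacked_statement_rejected(conn, payload):
    # The single-statement rule the quoted post relies on: a second
    # statement after ';' is refused outright, so DROP TABLE never runs.
    try:
        find_by_email_vulnerable(conn, payload)
    except (sqlite3.ProgrammingError, sqlite3.Warning):
        return True
    return False


def admins(conn):
    return [r[0] for r in conn.execute(
        "SELECT f_namn FROM users WHERE is_admin = 1 ORDER BY id")]


def run_demo():
    conn = setup_db()
    results = {}
    # 1. Stacking a second query fails, as the quoted post says.
    results["stacked_rejected"] = stacked_statement_rejected(
        conn, "x'; DROP TABLE users; -- ")
    # 2. But a tautology inside the one allowed statement returns every row:
    #    WHERE email = 'x' OR 1 OR 'y'
    tautology = "x' OR 1 OR 'y"
    results["rows_vulnerable"] = len(find_by_email_vulnerable(conn, tautology))
    results["rows_safe"] = len(find_by_email_safe(conn, tautology))
    # 3. And on an UPDATE the attacker supplies their own SET values: the
    #    "name" also rewrites is_admin and replaces the WHERE clause, with
    #    the rest of our statement hidden behind a '-- ' comment.
    payload = "bertil', is_admin = 1 WHERE email = 'bertil@example.com' -- "
    rename_vulnerable(conn, "nobody@example.com", payload)
    results["admins_after_vulnerable_update"] = admins(conn)
    # The same payload through a bound parameter is just a long name.
    rename_safe(conn, "anna@example.com", payload)
    results["admins_after_safe_update"] = admins(conn)
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, "=", value)
```

Running it shows the stacked DROP TABLE being refused, the tautology returning all three rows from the concatenated SELECT and none from the parameterised one, and the UPDATE payload promoting "bertil" to admin only through the concatenated statement. The fix is the same in PHP: escape every interpolated value (mysql_real_escape_string) or, better, bind parameters so the value is never parsed as SQL.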



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php