On 4/13/06, Roger <[EMAIL PROTECTED]> wrote:
> Thanks for that. It's just that I am developing an application using
> PHP/Sqlite and was having a major problem with escaping. But I got it
> eventually. For anyone who might have a problem it's.
>
> <?
> .....
>
> $SQL = "Select *
> From people
> where name LIKE '".$_GET['criteria']."'
> Order by Name ASC ";
> ......
> ?>

I don't do any web development and don't know PHP, but isn't this an example of how not to do things? It is screaming "SQL injection attack" all over it. Of course I can be completely off, but I don't think so.

Best regards,
~Nuno Lucas
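
An added example, not part of the original thread or either poster's code: the concatenated query from the quoted message beside a parameter-bound form, run against a constructed in-memory table. It assumes PHP with the pdo_sqlite extension; the function names, the sample rows and the choice of a prefix search are assumptions made for illustration.

```php
<?php
// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE people (name TEXT)");
$db->exec("INSERT INTO people (name) VALUES ('Alice'), ('Bob'), ('O''Brien')");

// Pattern from the quoted post: the request value becomes part of the SQL text.
function find_concatenated(PDO $db, string $criteria): array
{
    $sql = "SELECT name FROM people WHERE name LIKE '" . $criteria
         . "' ORDER BY name ASC";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the value is bound as a parameter, so it is always data.
// LIKE wildcards in the input are escaped so they match literally, and the
// only wildcard is the trailing % added here (prefix search, an assumption).
function find_bound(PDO $db, string $criteria): array
{
    $literal = strtr($criteria, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']);
    $stmt = $db->prepare(
        "SELECT name FROM people WHERE name LIKE :pat ESCAPE '\\' ORDER BY name ASC"
    );
    $stmt->execute([':pat' => $literal . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs standing in for $_GET['criteria'].
$inputs = ["Al", "O'Brien", "x' OR '1'='1", "%"];

foreach ($inputs as $criteria) {
    try {
        $unsafe = json_encode(find_concatenated($db, $criteria));
    } catch (PDOException $e) {
        // A plain apostrophe already breaks the concatenated statement.
        $unsafe = 'SQL error';
    }
    $safe = json_encode(find_bound($db, $criteria));
    printf("%-14s concatenated: %-28s bound: %s\n", $criteria, $unsafe, $safe);
}
```

With concatenation, the apostrophe in a legitimate name produces a syntax error and the third input changes the WHERE clause so that every row is returned; with the bound parameter the same inputs are compared as literal text.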

