On Wed, Oct 5, 2011 at 6:56 PM, C Lindgren <[email protected]> wrote:
> if (isset ($_post ['submit'] )) {
Aside from this use of POST being a huge security hole, $_post is spelled
wrong: it should be $_POST (or $_REQUEST if you want to treat GET/POST the
same).
> $sql=$db->exec("INSERT INTO
> users(ID,username,password)
> VALUES
> ('0','".$username."','".$password."')");
>
If it's not clear why that is a huge security hole, google for "sql
injection attack" and then read up on PDO::prepare() for how to avoid that
problem:
http://php.net/manual/en/pdo.prepare.php
--
----- stephan beal
http://wanderinghorse.net/home/stephan/
_______________________________________________
sqlite-users mailing list
[email protected]
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
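
The following is an added example, not part of the original message or the poster's code: it runs the quoted INSERT once with string concatenation and once through PDO::prepare(), to show why the reply calls the first form a security hole. The in-memory SQLite database, the `$post` array standing in for `$_POST`, the `countUsers()` helper, and the form values are all constructed for illustration.

```php
<?php
// Added example. Table layout follows the quoted INSERT; the in-memory
// database and the sample form values are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (ID TEXT, username TEXT, password TEXT)');

// Stand-in for $_POST (upper case, as the reply points out): a constructed
// submission whose password field contains quote characters.
$post = [
    'submit'   => '1',
    'username' => 'alice',
    'password' => "pw'), ('0','extra','row",
];

// Hypothetical helper: number of rows currently in the users table.
function countUsers(PDO $db): int
{
    return (int) $db->query('SELECT COUNT(*) FROM users')->fetchColumn();
}

if (isset($post['submit'])) {
    // 1) String concatenation, as in the quoted code: the quote characters in
    //    the value end the string literal, so the rest is parsed as SQL.
    $db->exec("INSERT INTO users(ID,username,password) VALUES ('0','"
        . $post['username'] . "','" . $post['password'] . "')");
    echo 'concatenated: ', countUsers($db), " row(s) inserted\n";

    $db->exec('DELETE FROM users');

    // 2) PDO::prepare() with named placeholders: the statement text is fixed
    //    and the submitted values are bound as data, never parsed as SQL.
    $stmt = $db->prepare(
        'INSERT INTO users(ID, username, password) VALUES (:id, :username, :password)'
    );
    $stmt->execute([
        ':id'       => '0',
        ':username' => $post['username'],
        ':password' => $post['password'],
    ]);
    echo 'prepared: ', countUsers($db), " row(s) inserted\n";
    echo 'stored password: ',
        $db->query('SELECT password FROM users')->fetchColumn(), "\n";
}
```

With concatenation, the single form submission changes how many rows the statement inserts; with the prepared statement, the same value is stored verbatim as one password string.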