@tadman
Created March 6, 2014 22:48
Please, before you write any more SQL interfacing code, you must read up on proper SQL escaping to avoid severe SQL injection bugs like the ones you have here. Also, mysql_query should not be used in new applications. It's a deprecated interface that's being removed from future versions of PHP. A modern replacement like PDO is not hard to learn and is a safer way to compose queries. $_POST data never goes directly in a query.
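As an added example (not part of tadman's gist), here is the string-interpolation pattern the note warns against, kept as a comment, beside the PDO prepared-statement replacement it recommends. The `users` table, DSN and credentials are assumptions for illustration.

```php
<?php
// BEFORE (do not use): a $_POST value concatenated into the SQL text.
// mysql_query() is deprecated, and the input is never separated from the query,
// so whatever the client sends becomes part of the SQL statement.
//   $sql = "SELECT id, name FROM users WHERE email = '" . $_POST['email'] . "'";
//   $result = mysql_query($sql);

// AFTER: PDO with a prepared statement. The query text is fixed; the value
// travels separately as a bound parameter and can never alter the SQL.
function findUserByEmail(PDO $pdo, string $email): ?array
{
    // Assumed schema: users(id, name, email)
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE email = :email');
    $stmt->bindValue(':email', $email, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Connection: disable emulated prepares so the MySQL server binds the
// parameters itself, and raise exceptions instead of failing silently.
$pdo = new PDO(
    'mysql:host=127.0.0.1;dbname=app;charset=utf8mb4', // assumed DSN
    'app_user',                                         // assumed credentials
    'app_password',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]
);

// Untrusted request input is validated, then bound, never interpolated.
$email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
if ($email === false || $email === null) {
    http_response_code(400);
    exit('invalid email');
}

$user = findUserByEmail($pdo, $email);
```

The same rule applies to every query: the SQL string contains only placeholders, and each request-supplied value is passed through `bindValue()` or the `execute()` argument array.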
