02-13-2008, 08:03 PM
|
#4 (permalink)
|
|
The Acquainted
Join Date: Nov 2007
Posts: 154
Thanks: 31
|
Quote:
Originally Posted by webtuto
PHP Code:
$sql = "select * from `admin` where name='$_POST[name]' and pass='$_POST[pass]'";
|
Never a good idea to allow POST data to directly interface with your database. Please be careful about passing bad code to new users!!
Google search : SQL injection
__________________
I reject your reality, and substitute my own.
|
|
|
|