12-05-2007, 09:53 PM
|
#12 (permalink)
|
|
The Acquainted
Join Date: Nov 2007
Posts: 154
Thanks: 31
|
Quote:
Originally Posted by gcbdm
Can't they also screw up your query by using a comment, '--'? And also perhaps by using:
Code:
a';DROP TABLE users; SELECT * FROM data WHERE name LIKE '%
(taken from Wikipedia) |
Not with MySQL via PHP. PHP limits one query per call to mysql_query(). |
|
|
|