12-08-2007, 10:20 PM
#13
The Acquainted
Join Date: Nov 2007
Posts: 154
Thanks: 31
Quote:
Originally Posted by Village Idiot
Always single quote your variables, otherwise injection is easy (even if cleaned). For instance...
Thanks for that, it's a really good point; I forget not everyone is conscientious enough (or aware) to properly filter and validate data prior to use. OK, if you've already validated, filtered, and escaped your data, don't surround INT values in quotes.
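The point both posts are making, shown as an added example that is not from this thread (Village Idiot's own "for instance" snippet is not reproduced here). It uses Python's built-in sqlite3 with a constructed three-row table; `escape_quotes` stands in for a quote-escaping cleaner such as mysql_real_escape_string, and the three lookup functions are hypothetical names. Escaping alone does nothing for an unquoted numeric value, because the input never touches a quote; quoting confines it to a string literal; validating it to an integer (or binding it as a parameter) removes the problem regardless of quoting.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data: three users in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [(1, "alice"), (2, "bob"), (3, "carol")],
    )
    return conn


def escape_quotes(value: str) -> str:
    """Stand-in for a quote-escaping cleaner (e.g. mysql_real_escape_string).

    It only neutralises the quote character; anything else passes through.
    """
    return value.replace("'", "''")


def lookup_unquoted_int(conn: sqlite3.Connection, user_input: str) -> list:
    """Escaped but NOT quoted: the input is spliced directly into SQL context.

    With input such as "1 OR 1=1" there is no quote to escape, so the cleaner
    changes nothing and the WHERE clause is rewritten.
    """
    sql = f"SELECT name FROM users WHERE id = {escape_quotes(user_input)} ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def lookup_quoted(conn: sqlite3.Connection, user_input: str) -> list:
    """Escaped AND single-quoted, as Village Idiot recommends.

    The input is now confined to a string literal; SQLite compares the
    INTEGER column against a non-numeric string and finds no match.
    (Other engines may coerce the string differently, but it still cannot
    alter the query structure.)
    """
    sql = f"SELECT name FROM users WHERE id = '{escape_quotes(user_input)}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def lookup_validated_int(conn: sqlite3.Connection, user_input: str) -> list:
    """Validate first, then use the unquoted form, as the reply argues.

    int() rejects anything that is not an integer, so nothing but a number can
    reach the query. The value is additionally bound as a parameter, which is
    the form to prefer whenever the driver supports it.
    """
    user_id = int(user_input)  # raises ValueError on "1 OR 1=1"
    sql = "SELECT name FROM users WHERE id = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (user_id,))]


if __name__ == "__main__":
    db = build_db()
    print("unquoted, escaped :", lookup_unquoted_int(db, "1 OR 1=1"))
    print("quoted, escaped   :", lookup_quoted(db, "1 OR 1=1"))
    try:
        print("validated int     :", lookup_validated_int(db, "1 OR 1=1"))
    except ValueError as exc:
        print("validated int     : rejected ->", exc)
    print("validated int (2) :", lookup_validated_int(db, "2"))
```

Run it and the first line lists every user, the second lists none, and the third is rejected before any SQL is built; the last shows the validated path still works for a legitimate id.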