DM> (i.e. Make sure there's nothing but an integer coming in as a parameter). > One is to cast to int in PHP, like: > $query="select * from my_table where id=".((int)$id); It's a small point, but if you're using PHP, there is already an intval() function that can be used to see if input really is an integer.. If you don't have a number, it returns 0. --rowan
This archive was generated by hypermail 2b30 : Mon Sep 17 2001 - 13:55:32 PDT