> You can do much damage without using the quote character:
>
> http://example.com/show.php?id=3;+DELETE+FROM+Customer

I thought either PHP or MySQL won't allow more than one query in a
mysql_query() call. I tested the above out on a small script that does a
query like:

$query = mysql_query("select * from test where id = $_GET[id]");

and the script returns this:

You have an error in your SQL syntax near ';DELETE from test' at line 1

-Greg

--
------SupplyEdge-------
Greg Hunt
800-733-3380 x 107
gregat_private
This archive was generated by hypermail 2b30 : Wed May 29 2002 - 13:56:17 PDT
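
Added example, not part of the original message or thread: the same test reproduced with Python's sqlite3 module, used here as a stand-in because its execute() also refuses more than one statement per call. It shows that the driver error only means the input reached the SQL parser, and contrasts that with a bound parameter and an integer check. The table rows and all function names are constructed for this sketch.

```python
import sqlite3

# Value shaped like the one in Greg's test (table "test", as in his error output).
PAYLOAD = "3;DELETE from test"

def make_db():
    """In-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE test (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO test VALUES (?, ?)", [(1, "a"), (2, "b"), (3, "c")])
    return db

def lookup_concat(db, raw_id):
    """Same shape as the script in the post: input is pasted into the SQL text."""
    return db.execute("select * from test where id = " + raw_id).fetchall()

def lookup_bound(db, raw_id):
    """Input travels as a bound parameter and is never parsed as SQL."""
    return db.execute("select * from test where id = ?", (raw_id,)).fetchall()

def lookup_validated(db, raw_id):
    """Reject anything that is not a plain decimal integer, then bind it."""
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be a decimal integer")
    return lookup_bound(db, int(raw_id))

def demo():
    db = make_db()
    out = {}
    try:
        lookup_concat(db, PAYLOAD)
        out["concat"] = "executed"
    except (sqlite3.Warning, sqlite3.Error):
        # The driver refused the second statement, but only after the
        # input had already been handed to the SQL parser as code.
        out["concat"] = "driver error"
    out["bound"] = lookup_bound(db, PAYLOAD)   # compared as data, matches no row
    try:
        lookup_validated(db, PAYLOAD)
        out["validated"] = "accepted"
    except ValueError:
        out["validated"] = "rejected"          # stopped before any SQL is built
    out["rows_left"] = db.execute("SELECT COUNT(*) FROM test").fetchone()[0]
    return out

if __name__ == "__main__":
    print(demo())
```

The single-statement limit is a property of the driver call, not of the query: the concatenated version still lets the request decide what SQL text gets parsed, while the bound and validated versions do not.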