Quote:
Originally Posted by prydie
Where do you suggest that there is SQL injection? There is only one query and that has addslashes on the only user-inputted variable.
I'm sorry, but the addslashes class doesn't afford you any protection against SQL injection attacks. You have to detect malicious user input proactively using advanced error rejection exception techniques, or regular expression string rejection constructs.
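
An added example, not code from this thread or from the script under discussion: it runs one value through `addslashes()` into an unquoted numeric context, then through a regular-expression allowlist and a bound parameter. The table, the inputs, the `valid_id()` helper and the use of an in-memory SQLite database through PDO are all assumptions made for illustration.

```php
<?php
// Constructed demo database (assumes the pdo_sqlite extension is available).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Constructed inputs: a well-formed id and one that alters the WHERE clause.
$inputs = ['2', '2 OR 1=1'];

// Hypothetical helper: accept only 1 to 9 decimal digits, reject everything else.
function valid_id(string $raw): bool
{
    return preg_match('/\A[0-9]{1,9}\z/', $raw) === 1;
}

foreach ($inputs as $raw) {
    // addslashes() escapes only ' " \ and NUL. Neither input contains those,
    // so the value reaches the unquoted numeric context unchanged.
    $escaped = addslashes($raw);
    $concat = $db->query("SELECT name FROM users WHERE id = $escaped")
                 ->fetchAll(PDO::FETCH_COLUMN);

    // Regular-expression rejection: decide before any SQL is built.
    $accepted = valid_id($raw);

    // Bound parameter: the value travels as data and is never parsed as SQL.
    $stmt = $db->prepare("SELECT name FROM users WHERE id = :id");
    $stmt->execute([':id' => $raw]);
    $bound = $stmt->fetchAll(PDO::FETCH_COLUMN);

    printf(
        "input=%-10s after_addslashes=%-10s concat_rows=%d allowlist=%s bound_rows=%d\n",
        var_export($raw, true),
        var_export($escaped, true),
        count($concat),
        $accepted ? 'accept' : 'reject',
        count($bound)
    );
}
```

Comparing `concat_rows` with `bound_rows` for the second input shows where the concatenated query returns rows the caller never asked for.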