I advocate high-security coding, but I was trying to write a simple script for beginners to learn from. I suppose mysql_real_escape_string() could have been used, but addslashes() gives us the security we need here. I can't see any way to inject it, but you are welcome to try. I will send it across to one of my mates in the security field and see what they think, but I am confident that there is no means of exploiting the script.
Last edited by prydie; 28-03-2008 at 09:47 PM.