Re: [Hampshire] A little help with php / mysql

Author: Brian Chivers
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] A little help with php / mysql
Alan Pope wrote:
> 2009/2/4 Chris Smith <cjs94@???>:
>> Brian Chivers wrote:
>>> mysql_query("INSERT INTO stream (channel, starttime, title,
>>> description, genre, filename) VALUES
>>> ('$channel','$starttime','$title','$description','$genre','$filename')");
>>>
>> It sounds like you're not doing any form of input validation; you really
>> should, otherwise you leave yourself open to all sorts of nasty attacks.
>>
>
> Indeed. http://xkcd.com/327/
>
> Cheers,
> Al.
>


OK, I'll get out the Milton fluid and clean things on the way in :-)

------------------------------------------------------------------------------------------------
The views expressed here are my own and not necessarily the views of Portsmouth College
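
Added example, not part of the thread or anyone's posted code: the quoted INSERT into the stream table, built by string interpolation and then with a prepared statement, to show what "cleaning things on the way in" looks like when the database driver does it. Assumptions: PDO is available, an in-memory SQLite database stands in for MySQL so the script runs offline, and the sample row and function names are constructed for illustration.

```php
<?php
// Added example. SQLite in memory stands in for MySQL (assumption);
// with MySQL only the PDO DSN and credentials change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE stream (channel TEXT, starttime TEXT, title TEXT,
           description TEXT, genre TEXT, filename TEXT)');

// Constructed sample row: an ordinary apostrophe in the title is enough
// to break a query that pastes values into the SQL text.
$row = [
    'channel'     => 'BBC TWO',
    'starttime'   => '2009-02-04 20:00:00',
    'title'       => "Rock 'n' Roll Years",
    'description' => "The year's news set to music",
    'genre'       => 'Music',
    'filename'    => 'rnr-years.mpg',
];

// Before: values interpolated into the statement, as in the quoted query.
function insertInterpolated(PDO $db, array $r): bool
{
    $sql = "INSERT INTO stream (channel, starttime, title, description, genre, filename)
            VALUES ('{$r['channel']}','{$r['starttime']}','{$r['title']}',
                    '{$r['description']}','{$r['genre']}','{$r['filename']}')";
    try {
        $db->exec($sql);
        return true;
    } catch (PDOException $e) {
        return false; // the apostrophe closed the string literal early
    }
}

// After: named placeholders; the data never becomes part of the SQL text.
function insertPrepared(PDO $db, array $r): bool
{
    $stmt = $db->prepare('INSERT INTO stream
        (channel, starttime, title, description, genre, filename)
        VALUES (:channel, :starttime, :title, :description, :genre, :filename)');
    return $stmt->execute($r);
}

var_dump(insertInterpolated($db, $row)); // interpolated form with this row
var_dump(insertPrepared($db, $row));     // prepared form with the same row
echo $db->query('SELECT title FROM stream')->fetchColumn(), "\n";
```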