15-03-2006, 16:19
Uberbots
Mad Programmer
AKA: Billy Sisson
FRC #1124 (ÜberBots)
Team Role: College Student
 
Join Date: Jan 2006
Rookie Year: 2005
Location: Avon
Posts: 739
Re: php/forms/posting/I NEED HELP!!!!!!!!!

Quote:
Originally Posted by MattD
Plain text posted is being inserted into the query. So, in theory, someone could submit something that could potentially alter the query. My advice would be to look into using the mysql_escape_string() or the mysql_real_escape_string() function.
Or, he could just make sure that no one but an administrator can get to that page. Don't execute the query if you aren't logged in!


PHP Code:
if (isset($_SESSION['UserClass']) && $_SESSION['UserClass'] === 'Admin') { /* run the query only in here */ }
Or something like that. But if you do that, you would need to set up a login system.
I used to have a bunch of tutorials that I made about how to do this stuff.
__________________
A few of my favorite numbers:
175 176 177 195 230 558 716 1024 1071 1592 1784 1816
RPI 2012
BREAKAWAY
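
Both suggestions in this thread, combined as an added example (not code from the original posts): the session check gates the query, and a PDO prepared statement stands in for mysql_real_escape_string() so posted text is never spliced into the SQL. The `news` table, its columns and the sample input are assumptions; an in-memory SQLite database replaces MySQL so the script runs on its own, and the arrays passed in stand for `$_SESSION` and `$_POST`.

```php
<?php
// Added example: table/column names and the sample input are constructed.
// SQLite in-memory stands in for the MySQL database discussed in the thread.

function isAdmin(array $session): bool
{
    // Strict comparison; a missing key is treated as "not admin".
    return isset($session['UserClass']) && $session['UserClass'] === 'Admin';
}

function savePost(PDO $db, array $session, array $post): bool
{
    if (!isAdmin($session)) {
        return false; // the query is never reached without an admin session
    }
    // Placeholders keep posted text as data, separate from the SQL statement.
    $stmt = $db->prepare('INSERT INTO news (title, body) VALUES (:title, :body)');
    return $stmt->execute([
        ':title' => (string)($post['title'] ?? ''),
        ':body'  => (string)($post['body'] ?? ''),
    ]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');

// Constructed form input: an ordinary apostrophe is already enough to break
// a query that is built by concatenating posted text into the SQL string.
$post = [
    'title' => "Team's schedule",
    'body'  => "Don't forget Saturday's build session",
];

var_dump(savePost($db, [], $post));                       // no login
var_dump(savePost($db, ['UserClass' => 'Admin'], $post)); // admin session

// Only the admin call stored a row, with the apostrophes intact.
foreach ($db->query('SELECT title, body FROM news') as $row) {
    echo $row['title'], ' | ', $row['body'], PHP_EOL;
}
```

In a real page, call session_start() first and pass `$_SESSION` and `$_POST` to savePost().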