```php
<?php
// User-supplied input taken straight from the request, with no validation or escaping
$unsafe_variable = $_POST['user_input'];

// Vulnerable: the input is concatenated into the SQL text, so a single quote in it
// closes the string literal and everything after it is parsed as SQL
mysql_query("INSERT INTO table (column) VALUES ('" . $unsafe_variable . "')");
```

If the user submits `value'); DROP TABLE table;--` as user_input, the statement handed to the database becomes:

```sql
INSERT INTO table (column) VALUES('value'); DROP TABLE table;--')
```
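As an added example (not code from this thread), here is the same INSERT built both ways: once by concatenation, which reproduces the statement above, and once as a PDO prepared statement, where the SQL text is fixed and the value travels separately. It assumes the pdo_sqlite extension; the in-memory SQLite database and the `comments`/`body` table and column names are constructed for the demo and stand in for the MySQL table in the post.

```php
<?php
// Added example, not from the thread. Assumes pdo_sqlite; the in-memory
// database and the comments/body names are constructed for this demo.

$userInput = "value'); DROP TABLE table;--";   // the input from the thread

// 1. Concatenation: the input becomes part of the SQL text itself.
function buildConcatenated(string $input): string
{
    return "INSERT INTO table (column) VALUES ('" . $input . "')";
}

echo "Concatenated SQL:\n  " . buildConcatenated($userInput) . "\n";
// The quote inside the input closes the literal, and the remainder is parsed
// as SQL. (The old mysql_query() sends a single statement only, so this
// particular stacked payload fails there with a syntax error; the input still
// rewrites the query, which is the real problem.)

// 2. Prepared statement: the query shape is sent once, the value is bound to
//    the placeholder and can never be parsed as SQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (body TEXT NOT NULL)');

$stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
$stmt->execute([':body' => $userInput]);

// Check: the table still exists and the row holds the raw input as plain data.
$stored = $pdo->query('SELECT body FROM comments')->fetchColumn();
echo "Stored verbatim: " . var_export($stored === $userInput, true) . "\n";
```

Run it with the php CLI; the first line printed is the injected statement quoted above, while the prepared-statement path stores the payload as an ordinary string and leaves the schema untouched.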
resonant wrote:
EDIT: Wow, really? http://pastebin.com/6DxQcPrm <- because double htmlentities() is fail
[code] tags are broken - use [syntax=php] instead.