On Mon, 21 Mar 2005, Craig White wrote:
> I have a problem with quoting strings
<snip>
> which when POSTed - results in...

AH!  Don't pass an SQL query as a variable to a webpage.  That means, if 
someone figures out what you're doing they can query anything in your 
database.  They could post any SQL query that they wanted.  Unless this 
is a very internal site, or you're somehow validating that string, you 
should change the way you're approaching this problem.

		--Ted
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss