- User logs in
- User clicks storage link
- Storage loads and shows items that are currently in his/her storage
- In column: Itemnum, the data is the item number of the item in storage
hoegarden31 wrote: Back to xadet3 (I know it's a long time ago :p). It doesn't matter if it's generated in the PHP code. If you pass that variable into a GET, you can use Tamper Data (Firefox plugin) to intercept the data you just send or receive, and then change it the way you want (including adding some SQL injections). So never use a GET or POST in a query without escaping it first.
"why don't you use addslashes instead of mysql real escape string"
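The point made in the thread above, as an added example that is not code from any poster: the same lookup written with string concatenation and with a bound parameter, run against a request value that was changed after the page generated it. It uses PDO prepared statements rather than the escaping functions named in the thread; the `storage` table, its `owner` column, the function names and the sample values are constructed for illustration, and the PHP `pdo_sqlite` extension is assumed.

```php
<?php
// Constructed in-memory table standing in for the storage table (hypothetical schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE storage (owner TEXT, itemnum INTEGER)');
$db->exec("INSERT INTO storage VALUES ('alice', 101), ('alice', 102), ('bob', 201)");

// Before: the request value becomes part of the SQL text itself.
function itemsConcatenated(PDO $db, string $owner): array
{
    $sql = "SELECT itemnum FROM storage WHERE owner = '" . $owner . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: the SQL text is fixed and the value is sent separately as data.
function itemsPrepared(PDO $db, string $owner): array
{
    $stmt = $db->prepare('SELECT itemnum FROM storage WHERE owner = :owner');
    $stmt->execute([':owner' => $owner]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed request values: what the page generated, and the same
// parameter after being edited between browser and server.
$requests = [
    'as generated' => 'alice',
    'altered'      => "alice' OR '1'='1",
];

foreach ($requests as $label => $value) {
    printf(
        "%-12s concatenated=%d rows, prepared=%d rows\n",
        $label,
        count(itemsConcatenated($db, $value)),
        count(itemsPrepared($db, $value))
    );
}
```

With the altered value, the concatenated query returns rows belonging to other owners, while the prepared statement treats the whole string as an owner name that matches nothing.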