aneeshrp

You have to escape string when you assign the query to $aStatement. Normally in php apps, the data part for the query will be taken from $_GET or $_POST. It is always advised to escape string before executing it in DB. Alternatively you can make use of php's array map function at the start of your code to escape string. $_GET = array_map('mysql_real_escape_string', $_GET); $_POST = array_map('mysql_real_escape_string', $_POST);

http://php.net says however you could try the following this 1. use "" in form's action attribute, From my understanding leaving the action blank (action=”") is not proper and still open to XSS attacks. or use __FILE__ constant with basename() <form method="post" name="helloworld" action="<?php echo basename( __FILE__ );?>"> <input type="submit" name="submit" value="Submit" /> </form>

Hi Guys, Hope all of you are doing well. Is it possible to convert Powerpoint to an HTML file using php, if so how we can do that. Please help me its an immediate requirment. Thanks in Advance Aneesh R