Posted 04 October 2006 - 04:13 PM
If the user posts something you want to set into your database, will they could finished the insert statement and execute a drop and delete statement in the same mysql_query method?
site.php?id = ....
$id = "'; DELETE FROM users WHERE id = 1" //user changed variable
mysql_query("SELECT navn FROM users WHERE id = '$id'")
The above code does not work, but I hope you got the idea of it. Is it possible in any way?
Posted 04 October 2006 - 06:19 PM
Posted 04 October 2006 - 06:26 PM
As far as I know, there is no difference how mysql_query() behaves depending on the MySQL version. One query is allowed, not more.
I believe mysql5 may handle multiple queries seperated by colons.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users