This has a security hole, and anyone entering data from the form can inject code directly into your query. Parameterizing your query would be a much better method than directly inserting $_POST data into your raw query.
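The difference the comment describes, as an added example that is not part of the original comment or the code it replies to. The `users` table, its columns, the `name` form field and the in-memory SQLite database are assumptions made for illustration, and the script needs the `pdo_sqlite` extension.

```php
<?php
// Constructed demo data: an in-memory SQLite table standing in for the form's target table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (name, email) VALUES
            ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");

// Constructed form input: a value whose quote characters end the string literal early
// when it is concatenated into the SQL text.
$_POST = ['name' => "nobody' OR '1'='1"];

// The pattern the comment warns about: form data becomes part of the SQL statement itself.
function findByNameConcatenated(PDO $pdo, array $post): array
{
    $sql = "SELECT name FROM users WHERE name = '" . $post['name'] . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Parameterized version: the SQL text is fixed and the value is bound separately,
// so the database only ever treats it as data to compare against.
function findByNameParameterized(PDO $pdo, array $post): array
{
    $name = $post['name'] ?? '';
    if (!is_string($name)) {
        // A field submitted as name[]=... arrives as an array; reject it instead of binding it.
        return [];
    }
    $stmt = $pdo->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

echo 'concatenated query matched: ',
    implode(', ', findByNameConcatenated($pdo, $_POST)), PHP_EOL;
echo 'parameterized query matched: ',
    count(findByNameParameterized($pdo, $_POST)), ' row(s)', PHP_EOL;
```

With MySQL, the same `prepare`/`execute` calls apply; setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the server, rather than the driver, handle the bound values.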
2 Responses