03-26-2003, 03:41 PM, #8
Masked Moderator
Join Date: May 2002
Location: Indianapolis, IN
Posts: 260

Quote:
Having code in your page that says:
SQL = "DELETE FROM table WHERE ITEM1 = '" & request.form("toDelete") & "'"
could be potentially dangerous. If someone managed to figure out your table name, they could populate request.form("toDelete") with the following:
1;DROP TABLE table;
Which would delete item #1, and then dump the table. So very not good.

Not with a checkbox.....

__________________
~Ryan
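
A server-side version of the delete handler discussed in this post, added here as an example and not code from the thread. It uses Python's sqlite3 instead of ASP/ADO, and the `items` table, its sample rows and the function names are assumptions. The handler validates each submitted value and binds it as a parameter, because the server receives whatever the client sends for `toDelete`, regardless of the control the page renders.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for the thread's `table`."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (ITEM1 TEXT PRIMARY KEY, label TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [("1", "first"), ("2", "second"), ("3", "third")])
    db.commit()
    return db


def concatenated_sql(to_delete):
    """The pattern from the quoted post: the form value becomes SQL text."""
    return "DELETE FROM items WHERE ITEM1 = '" + to_delete + "'"


def delete_checked(db, form_values):
    """Hardened handler: validate each submitted value, then bind it.

    Returns (rows_deleted, rejected_values).
    """
    deleted, rejected = 0, []
    for value in form_values:
        # Server-side allowlist: item ids are short runs of ASCII digits.
        if not (value.isascii() and value.isdigit() and len(value) <= 9):
            rejected.append(value)
            continue
        # The statement text is constant; the value travels as a bound
        # parameter and is never parsed as SQL.
        cur = db.execute("DELETE FROM items WHERE ITEM1 = ?", (value,))
        deleted += cur.rowcount
    db.commit()
    return deleted, rejected


if __name__ == "__main__":
    db = make_db()
    submitted = ["1", "1;DROP TABLE table;"]  # second value is the post's string
    print(concatenated_sql(submitted[1]))     # the input lands in the SQL text
    print(delete_checked(db, submitted))      # only the valid id is deleted
    print(db.execute("SELECT COUNT(*) FROM items").fetchone()[0])
```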