Submitted by freedimension (not verified) on Tue, 2004-11-23 00:26.
@Ole Hansen: You call that clean? What if the value of $_POST['bewertung'] doesn't meet any of the criteria? Where is the default value for $punkt? This way you can too easily inject harmful SQL code if the server permits it. Now, with the newer versions of MySQL, doing nasty things is no problem, as subselects are allowed.
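
An added example, not part of the comment above or of the code it criticises (which does not appear on this page): one way to give `$punkt` a guaranteed default and keep it out of the SQL string. The rating labels, point values, `ratings` table, function names and the in-memory SQLite database are assumptions chosen so the snippet runs offline.

```php
<?php
declare(strict_types=1);

// Constructed allow-list: labels and point values are assumptions.
const RATING_POINTS  = ['good' => 3, 'average' => 2, 'poor' => 1];
const DEFAULT_POINTS = 0;

/**
 * Map the submitted rating to points. The result is always assigned here,
 * so $punkt can never reach the query uninitialised or caller-controlled.
 */
function rating_to_points(array $post): int
{
    $raw = $post['bewertung'] ?? null;
    // Missing field, array input (bewertung[]=x) and unknown labels
    // all fall through to the default instead of leaving $punkt unset.
    if (!is_string($raw) || !array_key_exists($raw, RATING_POINTS)) {
        return DEFAULT_POINTS;
    }
    return RATING_POINTS[$raw];
}

/** Store the points through a bound, typed parameter, not string concatenation. */
function save_points(PDO $db, int $punkt): void
{
    $stmt = $db->prepare('INSERT INTO ratings (punkt) VALUES (:punkt)');
    $stmt->bindValue(':punkt', $punkt, PDO::PARAM_INT);
    $stmt->execute();
}

// Demo against an in-memory SQLite database with constructed inputs.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ratings (punkt INTEGER NOT NULL)');

$samples = [
    ['bewertung' => 'good'],        // matches a criterion
    ['bewertung' => 'unexpected'],  // matches none of the criteria
    ['bewertung' => ['good']],      // array instead of string
    [],                             // field missing entirely
];
foreach ($samples as $post) {
    save_points($db, rating_to_points($post));
}
print_r($db->query('SELECT punkt FROM ratings')->fetchAll(PDO::FETCH_COLUMN));
```

Only the first sample stores a non-default value; every input that matches no criterion ends up as `DEFAULT_POINTS`, and the integer type hint plus the bound parameter mean no request data is ever interpreted as SQL.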