
Oh Lord, this can't be...

First, connecting to the MySQL server as root without a password.

Second, closing the MySQL connection right after connecting and even without checking if the connection actually succeeded.

Third, making one query for each field. Terrible.

And fourth, not escaping the $id variable before placing it into the SQL queries.

Well, at least he took the time to align all the equals signs...
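
The four points in the comment above, shown in corrected form as an added example (not code from the original page or from the commenter). PHP with mysqli is assumed from the `$id` variable; the `app_ro` account, the `APP_DB_PASSWORD` environment variable, the `app` database and the `users` table with its columns are hypothetical.

```php
<?php
// Added example. The account, database, table and column names are
// hypothetical placeholders, not taken from the code being criticised.

// Make connection and query failures throw instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function fetch_user(mysqli $db, $rawId): ?array
{
    // Validate the untrusted value before it gets anywhere near SQL.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // One query for all fields, with $id bound as a parameter
    // rather than concatenated into the SQL string.
    $stmt = $db->prepare('SELECT name, email, created_at FROM users WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    return $row ?: null;
}

try {
    // Dedicated least-privilege account with a password, not passwordless root.
    $db = new mysqli('localhost', 'app_ro', getenv('APP_DB_PASSWORD') ?: '', 'app');
    $db->set_charset('utf8mb4');
} catch (mysqli_sql_exception $e) {
    // The connection result is checked; details go to the log, not to the client.
    error_log('DB connect failed: ' . $e->getMessage());
    http_response_code(500);
    exit;
}

$user = fetch_user($db, $_GET['id'] ?? null);
$db->close(); // close only after the last query has run
```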


