[Tutor] Updating MySQL Database

Kent Johnson kent37 at tds.net
Wed Oct 10 14:52:12 CEST 2007


Kent Johnson wrote:

> It also looks like you are embedding the data in the SQL command, this is 
> very bad practice, it opens you to SQL injection attacks

For a humorous explanation of why you don't want to directly embed data 
into SQL commands, see today's xkcd:
http://xkcd.com/327/

Kent
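
Added example, not part of the original post: the same UPDATE written with the data embedded in the SQL text and with the data passed as parameters. It assumes a constructed `students` table and uses the standard-library `sqlite3` module as a stand-in for MySQL so it runs offline; all function names are hypothetical.

```python
import sqlite3

def make_db():
    """Constructed sample table; sqlite3 stands in for MySQL so this runs offline."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT, grade TEXT)")
    db.executemany("INSERT INTO students (name, grade) VALUES (?, ?)",
                   [("Alice", "B"), ("Bob", "C"), ("Carol", "A")])
    return db

def update_embedded(db, name, grade):
    """The bad practice: the data is pasted into the SQL text itself."""
    sql = "UPDATE students SET grade = '%s' WHERE name = '%s'" % (grade, name)
    return db.execute(sql).rowcount

def update_parameterized(db, name, grade):
    """The data travels separately from the SQL text and is never parsed as SQL."""
    # sqlite3 uses ? placeholders; MySQLdb uses %s, still passed as a second argument.
    cur = db.execute("UPDATE students SET grade = ? WHERE name = ?", (grade, name))
    return cur.rowcount

def grades(db):
    """Return {name: grade} for every row."""
    return dict(db.execute("SELECT name, grade FROM students"))

# Constructed input: a "name" whose quote ends the string literal early.
HOSTILE_NAME = "Bob' OR '1'='1"

def demo():
    db = make_db()
    changed_bad = update_embedded(db, HOSTILE_NAME, "F")
    after_bad = grades(db)          # every row was rewritten
    db = make_db()
    changed_good = update_parameterized(db, HOSTILE_NAME, "F")
    after_good = grades(db)         # no row has that literal name, nothing changes
    return changed_bad, after_bad, changed_good, after_good

if __name__ == "__main__":
    for item in demo():
        print(item)
```

With the embedded form the WHERE clause becomes `name = 'Bob' OR '1'='1'`, so the update touches every row; with parameters the whole string is compared as a name and matches nothing.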

