Re: code OK for large number of hits?
On Mon, 5 May 2008 09:14:40 +0200, Mark Huizer
<xaa+news_comp.databases.mysql@dohd.org> wrote:
>The wise Geoff Cox enlightened me with:
>>
>> I have perhaps oversimplified above - in fact only in one case is the
>> user asked to type in data - in the other cases it's a matter of
>> clicking on one of two images to give a response.
>
>And what if the user crafts his own HTTP response? You don't check the
>data he is giving you, so you might be in trouble. sprintf's and/or
>mysql_escape_string is your friend.
>
>Mark
Mark,
I have now added mysql_escape_string to all the PHP files!
Cheers
Geoff
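
Added example, not code from this thread: server-side checking of the "click one of two images" response and a free-text field, as the data check raised above. It uses PDO bound parameters in place of mysql_escape_string (the old mysql extension was removed in PHP 7). The table, column and field names and the sample requests are assumptions, and an in-memory SQLite database (pdo_sqlite) stands in for MySQL so it runs offline.

```php
<?php
// Hypothetical allow-list: the only two answers the image click can produce.
const ALLOWED_CHOICES = ['left', 'right'];

// Validate one submitted form (normally $_POST). Throws on anything unexpected.
function validate_hit(array $post): array
{
    // A hand-built request can put anything here, so compare strictly.
    $choice = $post['choice'] ?? null;
    if (!is_string($choice) || !in_array($choice, ALLOWED_CHOICES, true)) {
        throw new InvalidArgumentException('choice is not one of the two images');
    }
    // The one typed-in field: must be a string with a bounded length.
    $comment = $post['comment'] ?? '';
    if (!is_string($comment) || strlen($comment) > 200) {
        throw new InvalidArgumentException('comment must be text of at most 200 bytes');
    }
    return ['choice' => $choice, 'comment' => $comment];
}

// Store a validated hit. Values are bound, never concatenated into the SQL.
function store_hit(PDO $db, array $hit): void
{
    $stmt = $db->prepare('INSERT INTO hits (choice, comment) VALUES (:choice, :comment)');
    $stmt->execute([':choice' => $hit['choice'], ':comment' => $hit['comment']]);
}

// Stand-in database; with MySQL only the DSN and credentials change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE hits (choice TEXT NOT NULL, comment TEXT NOT NULL)');

// Constructed sample requests: one normal, three that a browser form never sends.
$requests = [
    ['choice' => 'left', 'comment' => "it's the brighter one"], // quote is stored as data
    ['choice' => "left'", 'comment' => ''],                     // not in the allow-list
    ['choice' => ['left'], 'comment' => ''],                    // array instead of string
    ['choice' => 'right', 'comment' => str_repeat('x', 5000)],  // oversized text
];

foreach ($requests as $i => $post) {
    try {
        store_hit($db, validate_hit($post));
        echo "request $i: stored\n";
    } catch (InvalidArgumentException $e) {
        echo "request $i: rejected ({$e->getMessage()})\n";
    }
}
echo 'rows in hits: ', $db->query('SELECT COUNT(*) FROM hits')->fetchColumn(), "\n";
```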