Wednesday 3 August 2016

php - Is there any way to SQL inject in my code?

I'm not familiar with SQL injection and I wanna know if there is any vulnerability in my script. If there is, please point it out and give me some tips to fix it.




<?php
include("config.php");
?>

<?php
$desc = $_POST['desc'];
$desc = mysql_real_escape_string($desc);
$author = $_POST['author'];
$date = date("d/M/Y");

mysql_query("INSERT INTO `changelog`(`author`, `date`, `description`) VALUES ('{$author}','{$date}','$desc')") or die(mysql_error());
include("success.php");
?>
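
In the script above `$desc` is passed through `mysql_real_escape_string()`, but `$author` is placed into the query string exactly as submitted. As an added example (not part of the original post), here is the same insert written with PDO bound parameters; the in-memory SQLite database, the `$post` array and the function name `addChangelogEntry` are assumptions standing in for `config.php` and `$_POST`.

```php
<?php
// Added example: stand-in for config.php. An in-memory SQLite database is
// assumed so the script runs offline; a MySQL DSN and credentials would go here.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE changelog (author TEXT, date TEXT, description TEXT)');

// Constructed sample input standing in for $_POST.
$post = ['author' => "O'Brien", 'desc' => "Fixed the 'login' page"];

// Hypothetical helper name; inserts one changelog row from submitted fields.
function addChangelogEntry(PDO $pdo, array $post): void
{
    // Check presence and type first; values are never concatenated into SQL.
    $author = $post['author'] ?? '';
    $desc = $post['desc'] ?? '';
    if (!is_string($author) || !is_string($desc) || $author === '' || $desc === '') {
        throw new InvalidArgumentException('author and desc are required');
    }

    // The statement text is fixed; every submitted value is bound as data,
    // so no field depends on remembering to call an escaping function.
    $stmt = $pdo->prepare(
        'INSERT INTO changelog (author, date, description)
         VALUES (:author, :date, :description)'
    );
    $stmt->execute([
        ':author'      => $author,
        ':date'        => date('d/M/Y'),
        ':description' => $desc,
    ]);
}

addChangelogEntry($pdo, $post);

// The quotes in both fields are stored as data, not parsed as SQL.
$row = $pdo->query('SELECT author, description FROM changelog')
           ->fetch(PDO::FETCH_ASSOC);
echo $row['author'], ' | ', $row['description'], PHP_EOL;
```

The `mysql_*` functions used in the original script were removed in PHP 7.0, so PDO or mysqli is required on current PHP versions in any case.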
