Anonymous
Guest
I'm trying to secure my site, and a friend pointed out just how vulnerable it is to SQL injection. Looking through various articles, I've decided I want to use parameterized queries, but I just can't get my head around them.
Here's my current code:
Code:
$body=$_POST['post_body'];
$thread=$_POST['thread_id'];
$forum=$_POST['forum_id'];
mysql_query("INSERT INTO `table` (Thread_ID,User_ID,Post_Content) VALUES ('$thread','$userid','$body')") or die(mysql_error());
How would I change this to secure it?
I'd appreciate any help anyone could give!
Thanks
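One way to rewrite the INSERT above with bound parameters, as an added example that is not part of the original post. It assumes the PDO extension is available; the in-memory SQLite database, the `posts` table name, the `save_post` helper and the sample values are hypothetical stand-ins so the block runs offline, and for MySQL only the DSN changes.

```php
<?php
// Added example: parameterized INSERT with PDO (not the poster's code).
// Assumption: in-memory SQLite stands in for the MySQL server. For MySQL use
//   new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $user, $pass)
// and also set PDO::ATTR_EMULATE_PREPARES to false so the server does the binding.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // exceptions instead of die(mysql_error())
$pdo->exec('CREATE TABLE posts (Thread_ID INTEGER, User_ID INTEGER, Post_Content TEXT)');

// Hypothetical helper: $post plays the role of $_POST.
function save_post(PDO $pdo, array $post, int $userId): void
{
    // IDs must be plain integers; reject anything else before touching the DB.
    $thread = filter_var($post['thread_id'] ?? null, FILTER_VALIDATE_INT);
    if ($thread === false) {
        throw new InvalidArgumentException('thread_id must be an integer');
    }
    $body = (string)($post['post_body'] ?? '');

    // The SQL text is a constant string; the values travel separately as
    // bound parameters and are never spliced into the statement.
    $stmt = $pdo->prepare(
        'INSERT INTO posts (Thread_ID, User_ID, Post_Content) VALUES (:thread, :user, :body)'
    );
    $stmt->bindValue(':thread', $thread, PDO::PARAM_INT);
    $stmt->bindValue(':user', $userId, PDO::PARAM_INT);
    $stmt->bindValue(':body', $body, PDO::PARAM_STR);
    $stmt->execute();
}

// Constructed sample input: a body containing quotes and SQL syntax.
$samplePost = [
    'thread_id' => '7',
    'post_body' => "it's a test'); DROP TABLE posts; --",
];
save_post($pdo, $samplePost, 42); // 42 is a constructed user id; assume it comes from the session

// The body comes back byte-for-byte as it was submitted: it was treated as data.
$row = $pdo->query('SELECT Thread_ID, User_ID, Post_Content FROM posts')->fetch(PDO::FETCH_ASSOC);
var_dump($row['Post_Content'] === $samplePost['post_body']);

// A non-integer thread_id is refused before any query is built.
try {
    save_post($pdo, ['thread_id' => '7 OR 1=1', 'post_body' => 'x'], 42);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Bound parameters protect the query itself; the stored body still needs output encoding (for example `htmlspecialchars`) when it is later printed into a page.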