

A W3Schools Intervention - rohitarondekar
http://w3fools.com

======
infinity
Unforgivable is the example code for „PHP MySQL Insert Into“ without even
mentioning the risk of SQL injections. This should be among the first things
to be explained in every tutorial, article or book on „How to connect to a
database with PHP and do something.“ If there is something like Worst
Practices, this is one of them.

There is also code displaying unsanitized $_GET variables, opening up all
possibilities for cross-site scripting attacks. No creativity is required for
exploiting sites that use code from these examples, it's the low hanging fruit
:-(
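
An added example, not part of the comment above or of the tutorial it criticises: the concatenated INSERT next to a parameterized one, plus HTML-encoding of a request value before display. The table, field names and request data are constructed, and an in-memory SQLite database is assumed in place of MySQL so the script runs offline (the PDO calls are the same for both).

```php
<?php
// Added example: constructed table and field names, not taken from any tutorial.
// Assumption: in-memory SQLite stands in for MySQL; requires the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE persons (firstname TEXT, lastname TEXT)');

// Constructed request data standing in for $_POST and $_GET.
$post = ['firstname' => 'Robert', 'lastname' => "O'Brien"];
$get  = ['name' => '<b>Rob</b> & co'];

// The pattern the comment criticises: request data concatenated into the SQL text.
function insert_concatenated(PDO $db, array $in): bool {
    $sql = "INSERT INTO persons (firstname, lastname) VALUES ('"
         . $in['firstname'] . "', '" . $in['lastname'] . "')";
    try {
        $db->exec($sql);
        return true;
    } catch (PDOException $e) {
        // Input is parsed as SQL, so even an ordinary apostrophe changes the statement.
        return false;
    }
}

// Hardened: values are bound as parameters and never become part of the SQL text.
function insert_prepared(PDO $db, array $in): bool {
    $stmt = $db->prepare('INSERT INTO persons (firstname, lastname) VALUES (:fn, :ln)');
    return $stmt->execute([':fn' => $in['firstname'], ':ln' => $in['lastname']]);
}

// Hardened output: encode for the HTML context at the point of display.
function greet(array $get): string {
    return 'Welcome ' . htmlspecialchars($get['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

var_dump(insert_concatenated($db, $post));
var_dump(insert_prepared($db, $post));
echo $db->query('SELECT lastname FROM persons')->fetchColumn(), "\n";
echo greet($get), "\n";
```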

