Re: DB_eSession deleteSession() SQL injection



I think the solution below is a better and safer approach.

Replace addslashes() with mysql_real_escape_string():

$_sess_id_set = ( empty($_sess_id_set) ) ? NULL : mysql_real_escape_string($_sess_id_set);