Sql Injection virus problem.


edacsac - 3:04 pm on May 30, 2008 (gmt 0)


"(BAD BAD BAD DON'T DO IT)
mysql_query("SELECT * FROM table WHERE id=" . $_GET[id]); "

I use this style of select all the time, but before $_GET or $_POST vars end up in a query, I iterate through both arrays with a common function that strips, cleans and, where necessary, allows arguments for custom stripping.
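For contrast with the quoted `mysql_query` line, here is the same lookup written with PDO prepared statements, where the request value is validated and bound rather than concatenated into the SQL text. This is an added example, not code from the thread or from WebmasterWorld; the DSN, credentials and the table name `table` (kept from the quoted post, backticked because it is a reserved word) are placeholders.

```php
<?php
// Added example, not from the thread: the quoted query rewritten so the
// request parameter never becomes part of the SQL text.
//
// Vulnerable form, as quoted in the post (shown for contrast only):
//   mysql_query("SELECT * FROM table WHERE id=" . $_GET[id]);
// A request such as ?id=1 OR 1=1 changes the WHERE clause itself, and
// because the value sits in a numeric context there are no quotes for a
// generic quote-stripping routine to remove.

// Assumed connection details: replace with your own DSN and credentials.
$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app_user', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
]);

/**
 * Validate the id: an integer column only ever needs an integer.
 * filter_var() returns false for "1 OR 1=1", "1; DROP TABLE x", "", null.
 */
function requireIntParam(array $source, string $key): int
{
    $value = filter_var($source[$key] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($value === false) {
        http_response_code(400);
        exit('invalid id');
    }
    return $value;
}

/**
 * Fetch one row by id. The SQL text is fixed at compile time; the value
 * travels as a bound parameter and cannot alter the statement structure.
 */
function findById(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT * FROM `table` WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$id  = requireIntParam($_GET, 'id');
$row = findById($pdo, $id);
```

The same bind-by-parameter approach applies to string columns, where the driver, not a stripping function, handles quoting.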


Thread source:: http://www.webmasterworld.com/databases_sql_mysql/3657200.htm