justgowithit - 1:34 pm on Jun 14, 2006 (gmt 0)

- ** Validate your input prior to passing it (it doesn't look like you have any validation here)
- Use a variable security graphic input
- Make sure that register_globals is OFF
- Make sure your originating form's action is declared correctly
- Post through https and redirect successful queries back