Welcome to WebmasterWorld Guest from 18.104.22.168
Forum Moderators: phranque
Reason I ask is if you have a query like this
select * from table where field like "%$term"
A quote can do some serious damage.
$term = 'blah%22%20or%201=1%22';
Add those two together,
select * from table where field like "%blah" or 1=1"
And you have a basic mysql injection that displays all records from a given table.