I know this is an old script, but its method …

Thursday, 28th March 2024

Comment on My PHP/ MySQL Restaurant Reservation Form by arbitrary username.

I know this is an old script, but its method of generating email and SQL queries is naive and unsafe, and should be avoided at all costs.

strip_tags will not protect you. In some cases it won’t even properly strip HTML tags. Prepared statements should be used for SQL queries – this code doesn’t adequately protect against SQL injection, header injection, or really anything. Please, never use this code in production, and never post it to forums where people know better.
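
The two points made in the comment above, as an added example that is not part of the comment or of the original script: `strip_tags` leaves quotes and line breaks in place, while a prepared statement and a header check handle them. It assumes PHP 8 with `pdo_sqlite` (an in-memory SQLite database stands in for MySQL); the `reservations` table, its columns, the helper names and the form values are hypothetical and constructed.

```php
<?php
declare(strict_types=1);

// Constructed form input; the table and column names below are hypothetical.
$name  = "O'Brien <b>table 4</b>";
$email = "guest@example.com\r\nX-Extra: 1";

// strip_tags() only removes markup: the apostrophe and the CR/LF survive,
// so concatenating the result into SQL or mail headers is still unsafe.
printf("apostrophe kept: %s\n", var_export(str_contains(strip_tags($name), "'"), true));
printf("CR/LF kept: %s\n", var_export(str_contains(strip_tags($email), "\r\n"), true));

// Header values: refuse CR/LF, then require a syntactically valid address.
function header_safe_email(string $value): ?string
{
    if (preg_match('/[\r\n]/', $value) === 1) {
        return null;
    }
    $addr = filter_var($value, FILTER_VALIDATE_EMAIL);
    return $addr === false ? null : $addr;
}

// SQL: values travel as bound parameters, never as part of the statement text.
function save_reservation(PDO $db, string $name, string $email): void
{
    $stmt = $db->prepare('INSERT INTO reservations (name, email) VALUES (:name, :email)');
    $stmt->execute([':name' => $name, ':email' => $email]);
}

$db = new PDO('sqlite::memory:'); // stand-in for the MySQL DSN
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE reservations (name TEXT, email TEXT)');

foreach ([$email, 'guest@example.com'] as $candidate) {
    $addr = header_safe_email($candidate);
    if ($addr === null) {
        echo "rejected address containing invalid characters\n";
        continue;
    }
    save_reservation($db, $name, $addr);
}

// The apostrophe is stored as data; escape on output, not on input.
foreach ($db->query('SELECT name, email FROM reservations') as $row) {
    echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), ' | ', $row['email'], "\n";
}
```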
