Hi,
I would like to set up a fulltext search for my website.
My intention is to just use $POST to grab the data and then run a mysql command against the $POST data.
Would this be dangerous? How can I clean the data before MySQL execution?
Always make sure you are using mysql_real_escape_string() on any values that you are using in your queries.
For more information about the danger, search the board (or the web) for SQL injection.
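An added example, not code from this thread: the same search done with a prepared statement, so the posted term reaches MySQL as bound data rather than being escaped into the SQL string (the `mysql_*` functions were removed in PHP 7.0). The form field `q`, the table `articles` with a FULLTEXT index on `(title, body)`, and the connection details are all assumptions.

```php
<?php
// Added example. Assumed: form field 'q', table `articles` with a FULLTEXT
// index on (title, body), placeholder DSN and credentials.

// Validate the posted value before it gets anywhere near the database.
function clean_search_term(array $post): ?string
{
    $term = $post['q'] ?? null;
    if (!is_string($term)) {
        return null;                 // rejects missing input and q[]=... arrays
    }
    $term = trim($term);
    $len  = strlen($term);
    return ($len >= 3 && $len <= 100) ? $term : null;
}

// Run the fulltext query with the term bound as a parameter.
function search_articles(PDO $pdo, string $term): array
{
    // Two placeholders: a named parameter cannot be reused with native prepares.
    $stmt = $pdo->prepare(
        'SELECT id, title, MATCH(title, body) AGAINST (:t1) AS score
           FROM articles
          WHERE MATCH(title, body) AGAINST (:t2)
          ORDER BY score DESC
          LIMIT 20'
    );
    $stmt->execute([':t1' => $term, ':t2' => $term]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = new PDO(
    'mysql:host=localhost;dbname=example;charset=utf8mb4', // placeholder DSN
    'user',                                                // placeholder
    'pass',                                                // placeholder
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // use server-side prepared statements
    ]
);

$term = clean_search_term($_POST);
$rows = ($term === null) ? [] : search_articles($pdo, $term);

foreach ($rows as $row) {
    // Encode on output as well: stored titles are untrusted in an HTML context.
    echo htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

If escaping is used instead of binding, the escaped value still has to sit inside quotes in the query and the connection character set has to be set on the connection itself, otherwise the escaping does not protect the query.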