How to prevent SQL Injection via the array parameter? (CVE-2017-14069)

Hello, this page suggests that the sql_query

Code (SQL):
$r = sql_query("SELECT modcomment FROM users WHERE id IN (" . implode(", ", $_POST[usernw]) . ")")or sqlerr(__FILE__, __LINE__);

is […]

See original post by invalid@example.com (postcd)
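
A hardened form of the query quoted in the post, as an added example that is not part of the original post or of the affected project: every submitted value must be a plain positive integer and is bound through a placeholder, so the SQL text depends only on how many ids were sent, never on their content. It assumes PDO with an in-memory SQLite database; `clean_id_list`, `fetch_modcomments` and the sample rows are hypothetical names and constructed data.

```php
<?php
// Added example, not from the original post. Names and table contents are constructed.

/**
 * Hypothetical helper: keep only values that are canonical positive integers.
 * Anything else (nested arrays, "0) OR 1=1 -- ", "1e3", "") is rejected, not "cleaned".
 */
function clean_id_list($raw): array
{
    if (!is_array($raw)) {
        return [];                     // a scalar where an array is expected is refused
    }
    $ids = [];
    foreach ($raw as $v) {
        // ctype_digit() accepts only a non-empty string made of the digits 0-9.
        if (is_string($v) && ctype_digit($v) && strlen($v) <= 9 && (int)$v > 0) {
            $ids[(int)$v] = (int)$v;   // keyed by value to de-duplicate
        }
    }
    return array_values($ids);
}

function fetch_modcomments(PDO $db, $raw): array
{
    $ids = clean_id_list($raw);
    if ($ids === []) {
        return [];                     // never send "IN ()" to the database
    }
    // One "?" per id: user input never becomes part of the SQL string.
    $marks = implode(', ', array_fill(0, count($ids), '?'));
    $stmt  = $db->prepare("SELECT id, modcomment FROM users WHERE id IN ($marks)");
    $stmt->execute($ids);
    return $stmt->fetchAll(PDO::FETCH_KEY_PAIR);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, modcomment TEXT)");
$db->exec("INSERT INTO users VALUES (1, 'note a'), (2, 'note b'), (3, 'note c')");

// Constructed stand-in for $_POST['usernw']: two valid ids plus one injection string.
$post = ['usernw' => ['1', '3', '0) OR 1=1 -- ']];
print_r(fetch_modcomments($db, $post['usernw'] ?? null));

// A scalar sent in place of the array is rejected before any query is built.
print_r(fetch_modcomments($db, 'not-an-array'));
```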
