Make sure to parse the input, instead of using $_GET... it's too easy for hackers to embed stuff...
Shawn McKenzie <[EMAIL PROTECTED]> wrote:
$result = yoursqlfunc("SELECT person FROM sometable WHERE
firstname='$_GET[fn]' AND lastname='$_GET[ln]'");
