Ooo... are you saying that my way of grabbing a parameter value is the vulnerability?
I.e.: blog_id = '".$colname_rs_blog."' AND blog_url = '".$urlTitle_rs_blog."'
AND, is this the case even if I am only doing a select? I am not doing an insert on this page.
Would that also apply if I did this?:
$b_url = $row_rs_blog['blog_url'];
$b_id = $row_rs_blog['blog_url'];
and then did this with the select:
blog_id = '".$b_url."' AND blog_url = '".$b_id."'