sql injection
Hi Ray
Hope you can help with this. I have a couple of pages that Jason helped me with originally and you helped me convert them to mysql_i. They use checkboxes to select email recipients. I'm told that the following lines leave the page vulnerable to an sql injection and hope there is an easy fix.
line 16: $WAFV_Errors .= WAValidateRQ(((isset($_POST["toEmail"]))?implode(", ",$_POST["toEmail"]):"") . "",false,2);
line 58: $Email->addBCC("".((isset($_POST["toEmail"]))?implode(", ",$_POST["toEmail"]):"") ."");
I've attached the page.
Many thank
Chris