Brelupheigree
New Member
I have a site written in PHP utilizing PDO. I am using the bindParam() function to bind to a sql insert query:\[code\]("insert into Table (id, date, data) VALUES (?, ?, ?)")\[/code\]but I am able to insert a string containing\[code\]"<script>window.location="google.com"</script>"\[/code\]How to prevent this?Thanks!!!