Christoph Koehler wrote: > I am very interested to see the SQL injection > and learn from it. just a normal update-query like this one: $query = ' SELECT * FROM table WHERE uid = '.$postvars['uid']; georg