Hello,
> $result = mysql_query("INSERT INTO user_list VALUES ( NOW(), 0, ".
> "'$username', password('$password'), ".
> - "'$realname', '$email', NOW(), 0, 0)");
> + "'$realname', '$email', NOW(), 0, 0, '$CVSrelease')");
Shouldn't one use "'".mysql_escape_string($username)."','" etc.? Or is
it ensured elsewhere that no unwanted characters are in the string? ( '
is escaped in PHP, isn't it?)
Tobias