SQL injections are a major security risk in many PHP applications. Injections are caused when a web developer allows the end-user to manipulate a variable that is being inserted into a database query string, generally through the $_GET, $_POST or $_SESSION superglobals.
read more | digg story
