i'm about to install vbb forum,but i heard that people can hack my forum by using SQL injection ? but SQL injection was fixed by vbb already ,is this rite?and do u guy know any website talk about SQl injection ?

The following website talks about SQL injections:

http://databases.about.com/library/weekly/aa010503a.htm

thanks

if i remember correctly, there is a mysql_* function that should be used with every sql command..

i believe it is mysql_escape_string()

Yes. any abritrary data going into an SQL query should be passed through mysql_escape_string().

php safe mode on

thanks alot ;)

or php's addslashes() - which may be done via magic_quotes automatically as well :) And using the post arrays are also a good idea ;)

so,let's say people use those code type on browser to inject mysql?

Of course you could change the public website user permissions to prevent it running ALTER, CREATE or DROP commands so injection of those commands is impossible.

ok, ;)