I hope you read this! Big problems. If I did
[
www.url.com]'
then it would break it and allow a hacker to get in. I'm suprised CyberSpatium would released unprotected code
Please use this:
$query = "SELECT id, fname, lname FROM database WHERE id='".intval($_POST['id'])."'";
That will convert 1 into 1, 134 into 134, and imtryingtohackyou into 0. Its sfaer that way.