5 minutes ago, I downloaded Site-Sift listings and started to look at the code. Immediately, I found a point where the database was wide open for hackers. It was in the add_page.php page; the code looked like this:

```php
// Argument list as shipped: $_POST values go straight into GetSQLValueString()
GetSQLValueString($_POST['rLink'], "text"),
GetSQLValueString($_POST['url'], "text"),
GetSQLValueString($_POST['title'], "text"),
GetSQLValueString($_POST['description'], "text"),
$exp, //fetch expire date from above
GetSQLValueString($_POST['keywords'], "text"),
GetSQLValueString($_POST['active'], "text"),
GetSQLValueString($_POST['ip'], "text"),
GetSQLValueString($_POST['catID'], "int"),
GetSQLValueString($_POST['email'], "text"),
GetSQLValueString($midvalue, "int"),
GetSQLValueString($completedvalue, "int"),
GetSQLValueString($checktext, "text"));
```

Hackers could easily enter db queries in any textfield by first entering "' ". So I made it safer:

```php
// Text fields are escaped first; integer fields are forced to numbers with "0 + ..."
GetSQLValueString(mysql_escape_string($_POST['url']), "text"),
GetSQLValueString(mysql_escape_string($_POST['title']), "text"),
GetSQLValueString(mysql_escape_string($_POST['description']), "text"),
$exp, //fetch expire date from above
GetSQLValueString(mysql_escape_string($_POST['keywords']), "text"),
GetSQLValueString(mysql_escape_string($_POST['active']), "text"),
GetSQLValueString(mysql_escape_string($_POST['ip']), "text"),
GetSQLValueString(0 + $_POST['catID'], "int"),
GetSQLValueString(mysql_escape_string($_POST['email']), "text"),
GetSQLValueString(0 + $midvalue, "int"),
GetSQLValueString(0 + $completedvalue, "int"),
GetSQLValueString(mysql_escape_string($checktext), "text"));
```
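
An added example, not part of the original post or of Site-Sift's code: the same kind of insert written with PDO prepared statements, so quoting is handled by bound parameters instead of per-field escaping (`mysql_escape_string()` ignores the connection character set and was removed in PHP 7). The `links` table, its columns and the `addListing()` helper are assumptions, and it uses an in-memory SQLite database (needs the `pdo_sqlite` extension) with constructed input so it runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical schema standing in for the directory script's listings table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE links (id INTEGER PRIMARY KEY, url TEXT, title TEXT,
    description TEXT, catID INTEGER, email TEXT)');

// Constructed sample submission; title and description contain quote characters.
$post = [
    'url'         => 'https://example.com/',
    'title'       => "Bob's \"best\" links",
    'description' => "A site about O'Reilly's books",
    'catID'       => '7',
    'email'       => 'owner@example.com',
];

function addListing(PDO $pdo, array $in): int
{
    // Validate typed fields and reject bad input instead of coercing with "0 + $value".
    $catID = filter_var($in['catID'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $url   = filter_var($in['url'] ?? null, FILTER_VALIDATE_URL);
    $email = filter_var($in['email'] ?? null, FILTER_VALIDATE_EMAIL);
    if ($catID === false || $url === false || $email === false) {
        throw new InvalidArgumentException('invalid catID, url or email');
    }
    // Placeholders keep submitted values out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'INSERT INTO links (url, title, description, catID, email)
         VALUES (:url, :title, :description, :catID, :email)'
    );
    $stmt->execute([
        ':url' => $url, ':catID' => $catID, ':email' => $email,
        ':title'       => (string) ($in['title'] ?? ''),
        ':description' => (string) ($in['description'] ?? ''),
    ]);
    return (int) $pdo->lastInsertId();
}

// Store the sample row, then compare the stored title with the submitted one.
$id    = addListing($pdo, $post);
$check = $pdo->prepare('SELECT title FROM links WHERE id = ?');
$check->execute([$id]);
var_dump($check->fetchColumn() === $post['title']);

try {
    addListing($pdo, ['catID' => '7abc'] + $post); // non-integer category id
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```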