>>124 Yeah I get it, but your wrong. Actually nether one is right because you're not doing any validation.

if(is_numeric($age) && is_numeric($id)){
if(!mysql_query("UPDATE foo SET age='$age' WHERE id='$id'"))

die ("Error: ".mysql_error());

}
else
die ("Age and id must be numbers.");

And even then you're still wrong because who is going to let the user enter any ID number and change the value?

WHERE id='$id' and memberid='".$_COOKIE['memberid']."'

And even then you're STILL wrong because $_COOKIE isn't safe.

But, if done right php can be safe and secure. And if done wrong perl or python or anything else can be insecure.

Yahoo, YouTube, Digg, FaceBook, Wikipedia, Friendster, Photobucket and TONS of other high profile sites use PHP as either there main programming tool or use it extensively. I mean come on... Yahoo uses it and they are #1...