Hello, how are you? we know that, if we want to make a good web page, we should make a security. I only know about XSS and SQL injection Attacks. Ok, we know that, if we want to make a security for Injection we should use mysql_real_escape_string() or preg_match() or we can use also httaccs. but i've just seen SQL injection Exploiit for IPB Forum. its hard to belive that IPB creator does not uses escape string fucntion. How hackers can take information from SQL? - i don't know , I need answers. and is there any other way to break web page, i want to know about the bugs, to create a good web page