You cannot put things in that way. You either use the first fix posted, which will work and protect you or the last one, which will also protect you. The last one is a bit more restrictive, since it forces the value input through the form to be a number and if it isn't, it just uses the forum time instead.
What you cannot do is to remove a single line from the fix and ask if that line is correct. Each of the fixes works as whole.
Personally, I prefer the last fix, since it's more restrictive, but both will protect from SQL Injection.
I would imagine the last post that Ruirib made. While the latest addition isn't strictly necessary, it makes sense to keep people from injecting bad data into the field. If I remember right it was updated to account for people who were trying the hack on a patched forum. The attempted hack did put some invalid data in the field, but did not "hack" the forum.
Edit: I guess if I'd have just waited one more second the answer would have been there already.
Topic Locked
Posted - 12 December 2007 : 13:32:07
.