i founded this as some user try to put it in my sql
but using mysql_real_escape_string it actully save my website ..
i just want to ask what this code exactly do .. thanks alot ;)
(select(@) from (select (@:=0x00),(select (@) from (TABLE) where (@) in (@:=concat(@,0x0a,col1,0x3a,col2,0x3a,col3))))a)