Code:
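<?php
include 'header.php'; // assumed to open the MySQL connection that mysql_real_escape_string() needs
//Add these lines to ensure you don't get hacked
// trim() accepts only a string, so it runs per element inside the callback,
// not on the array that array_map() returns.
// mysql_real_escape_string() exists only in PHP < 7.0 (ext/mysql); nested
// array values (e.g. name[]=x) are not handled by this one-level map.
$clean = function ($v) { return trim(mysql_real_escape_string($v)); };
$_POST = array_map($clean, $_POST);
$_GET = array_map($clean, $_GET);
$_COOKIE = array_map($clean, $_COOKIE);
?>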
You should add these three lines to your code to ensure your users don't inject arbitrary SQL statements ... Hacking...
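An added example, not part of the original post: the same kind of request values passed to the database as bound parameters, so the superglobals do not have to be rewritten. It assumes PDO with the SQLite driver; the `users` table, the helper names `addUser`/`findUser` and the request values are constructed for illustration.

```php
<?php
// Added example: bound parameters instead of escaping $_POST/$_GET/$_COOKIE.
// Assumptions: PDO with pdo_sqlite; table, helpers and inputs are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed request data standing in for $_POST and $_GET.
$post = array('name' => "  O'Brien  ");
$get  = array('id' => '12abc');

function addUser(PDO $pdo, $name) {
    // The value travels separately from the SQL text, so quotes need no escaping.
    $stmt = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
    $stmt->execute(array(':name' => trim($name)));
    return (int) $pdo->lastInsertId();
}

function findUser(PDO $pdo, $id) {
    // Numeric input is validated first, then bound as an integer.
    $id = filter_var($id, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null; // reject anything that is not a plain integer
    }
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$newId = addUser($pdo, $post['name']);
var_dump(findUser($pdo, $newId));      // row stored with the quote intact
var_dump(findUser($pdo, $get['id'])); // non-integer id is rejected
```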