[VIM] Verified PHP-addressbook view.php/id SQL injection

Steven M. Christey coley at mitre.org
Sun Dec 11 03:21:11 EST 2005


Verified the above issue via source code inspection.

$id variable is injected directly into SQL; include files do not
define it.  See source extract below.

Other issues are highly likely.

- Steve

=====================

<?php
include ("include/header.inc.php");

include ("include/dbconnect.php");

if ($id) {

   $result = mysql_query("SELECT * FROM $table WHERE id=$id",$db);

