bruce wrote:
my question was directed towards trying to understand if you were meaning that an app should escape all output from the mysql db?
If you think about that for a moment, I think you'll see that it doesn't make a lot of sense. Data that you get from a remote source is input, not output. Data that you send to a remote source is output.
Hope that helps. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
