On Wed, May 24, 2006 4:50 am, phplist@xxxxxxx wrote: > Is a serialized array a "safe" string to insert into a mysql text > field? Or is a > function such as mysql_real_escape_string always needed? Assume that a Bad Guy is smart enough to get SOMETHING in there to mess you up, even if you serialize it. Thus, you need to escape it. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
