Robert, PHP General,

Thank you for replying and explaining the situation clearly.
Neither! It means using mysql_real_escape_string(): http://www.php.net/manual/en/function.mysql-real-escape-string.php
I have now made it so each and every query to the database passes through mysql_real_escape_string.
I've also turned off magic quotes on my host and on my testing environment, and made it so my code tests for the existence of magic quotes before adding and stripping slashes.
I was wondering if there are some recommended tests I can try to see how well I am protected against MySQL injection. I was searching via Google because I thought I had seen before a site that listed 10 common injection attacks. But I can't find it now, and seem to be only coming across proprietary software for sale.
Can someone recommend some MySQL code that I can use to test my code?

--
Dave M G
Ubuntu Feisty 7.04
Kernel 2.6.20-15-386

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php