Dave M G wrote:
> Robert, PHP General,
>
> Thank you for replying and explaining the situation clearly.
>> Neither! It means using mysql_real_escape_string():
>> http://www.php.net/manual/en/function.mysql-real-escape-string.php
>
> I have now made it so each and every query to the database passes
> through mysql_real_escape_string.

The way you write that makes me hope you understand how
mysql_real_escape_string should be used. You do understand that you
don't run it on the query, rather on the individual string variables
that will be passed to the query.

Cheers
--
David Robley

Moderators are not God. God has mercy.
Today is Boomtime, the 11st day of Confusion in the YOLD 3173.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
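
An added example, not part of the original message, of the distinction drawn in the reply above: escaping the finished query versus escaping each string value before it goes into the query. `demo_escape()` is a hypothetical stand-in that mirrors the documented escaping rules of mysql_real_escape_string() so the script runs without a MySQL connection; the table, column and input value are constructed.

```php
<?php
// Hypothetical stand-in for mysql_real_escape_string(): prefixes NUL, \n, \r,
// backslash, single quote, double quote and Ctrl-Z with a backslash.
// (Assumption: used here only so the example runs without a database link.)
function demo_escape(string $s): string
{
    // strtr() with an array never rescans replaced text, so the backslashes
    // it inserts are not escaped a second time.
    return strtr($s, [
        "\\"   => "\\\\",
        "\x00" => "\\0",
        "\n"   => "\\n",
        "\r"   => "\\r",
        "'"    => "\\'",
        '"'    => '\\"',
        "\x1a" => "\\Z",
    ]);
}

$name = "O'Brien"; // constructed sample input containing a quote

// Wrong: escaping the assembled query. The quotes that delimit the string
// literal are escaped along with the data, so the statement is no longer
// valid SQL, and the escaper cannot tell which quotes were data and which
// were syntax.
$wholeQuery = demo_escape("SELECT id FROM users WHERE name = '" . $name . "'");

// Right: escape each string value on its own, then place the result between
// the quotes that the query author wrote.
$perValue = "SELECT id FROM users WHERE name = '" . demo_escape($name) . "'";

echo "whole query escaped: ", $wholeQuery, "\n";
echo "value escaped:       ", $perValue, "\n";

// The delimiting quotes must survive untouched in the correct form and must
// not survive in the incorrect one.
var_dump(strpos($perValue, "name = '") !== false);
var_dump(strpos($wholeQuery, "name = '") !== false);
```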