David,
Thank you for replying.
The way you write that makes me hope you understand how
mysql_real_escape_string should be used. You do understand that you don't
run it on the query, rather on the individual string variables that will be
passed to the query.
Thank you for your concern and clarification.
I do understand the distinction, though, and although my description was
terse, what I meant was that the content that is placed within the MySQL
queries are screened with mysql_real_escapte_string, but the MySQL
syntax of the query is left alone.
I'm pretty sure if I hadn't made that distinction, my site would have
malfunctioned immediately.
Thank you for following up.
--
Dave M G
Ubuntu Feisty 7.04
Kernel 2.6.20-16-386
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
