On 23/01/2008, Eric Butera <eric.butera@xxxxxxxxx> wrote:> There isn't a reason to go and report a bug as their stuff works fine. I would have filed a wish, not a bug. They are both filed in thebugzillas that I'm familiar with. In any case, I'm not filing as I'veno account there and I'll not be filing many bugs for that software.If someone else wants to file a wish, be my guest. > If you know you have utf8 and all that jazz then fine. The only> reason you should use mysql escaping is right before you put a value> into the database. To put a value in the database you must have a> connection. So this really is a non-issue in my opinion. No, I sanitize the values, and only then I decide if the value (nowsanitized and safe to work with) should go to the database. And onlyif it's going to the database do I open a connection. > Look at mysqli or pdo and start working with prepared statements. :) Thanks, I will take a look at those! Dotan Cohen http://what-is-what.comhttp://gibberish.co.ilא-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת; A: Because it messes up the order in which people normally read text.Q: Why is top-posting such a bad thing?