On Mon, 2008-02-18 at 23:19 -0500, Bastien Koert wrote:
> mysql_real_escape_string()
> addslashes()
> htmlentities()
>
> take your pick

That's a bad answer. If he's using MySQL then he SHOULD use
mysql_real_escape_string(). None of the other functions will fully
protect him from malicious input.

Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for       |
| creating re-usable components quickly and easily.          |
`------------------------------------------------------------'
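An added example, not part of the original message: it checks which of the characters the PHP manual lists as escaped by mysql_real_escape_string() are passed through unchanged by the two other functions named in the thread, then shows the effect on a single-quoted SQL literal. The input values and the helper name `untouched` are constructed for illustration; no database connection is used.

```php
<?php
// Added example (not from the thread). Constructed input; no database needed.

// Characters the PHP manual documents as escaped by mysql_real_escape_string().
$special = [
    'NUL byte'        => "\x00",
    'newline'         => "\n",
    'carriage return' => "\r",
    'backslash'       => "\\",
    'single quote'    => "'",
    'double quote'    => '"',
    'Ctrl-Z'          => "\x1a",
];

// The two non-MySQL functions suggested in the quoted message.
// ENT_COMPAT is passed explicitly: it was the htmlentities() default in 2008.
$candidates = [
    'addslashes'   => fn(string $s): string => addslashes($s),
    'htmlentities' => fn(string $s): string => htmlentities($s, ENT_COMPAT, 'UTF-8'),
];

// Hypothetical helper: names of the characters a function leaves unchanged.
function untouched(callable $fn, array $chars): array
{
    $left = [];
    foreach ($chars as $name => $ch) {
        if ($fn($ch) === $ch) {
            $left[] = $name;
        }
    }
    return $left;
}

foreach ($candidates as $name => $fn) {
    echo $name, ' leaves unchanged: ', implode(', ', untouched($fn, $special)), PHP_EOL;
}

// Constructed form value placed inside a single-quoted SQL string literal.
$input = "O'Reilly";
foreach ($candidates as $name => $fn) {
    $literal = "'" . $fn($input) . "'";
    // Count quotes not preceded by a backslash; an odd count is unbalanced.
    $bare = preg_match_all("/(?<!\\\\)'/", $literal);
    echo $name, ': ', $literal, ($bare % 2 ? '  <- unbalanced quote' : '  balanced'), PHP_EOL;
}
```

Neither function knows the connection's character set, which the PHP manual says mysql_real_escape_string() takes into account; htmlentities() is an HTML output encoder and does not target SQL syntax at all.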