I agree, but they all provide some level of handling; it just might not be the 'most correct' way of handling it.

bastien

> Subject: RE: mysql input
> From: robert@xxxxxxxxxxxxx
> To: bastien_k@xxxxxxxxxxx
> CC: nihilismmachine@xxxxxxxxx; php-general@xxxxxxxxxxxxx
> Date: Mon, 18 Feb 2008 23:31:21 -0500
>
> On Mon, 2008-02-18 at 23:19 -0500, Bastien Koert wrote:
> > mysql_real_escape_string()
> > addslashes()
> > htmlentities()
> >
> > take your pick
>
> That's a bad answer. If he's using MySQL then he SHOULD use
> mysql_real_escape_string(). None of the other functions will fully
> protect him from malicious input.
>
> Cheers,
> Rob.
> --
> .------------------------------------------------------------.
> | InterJinn Application Framework - http://www.interjinn.com |
> :------------------------------------------------------------:
> | An application and templating framework for PHP. Boasting  |
> | a powerful, scalable system for accessing system services  |
> | such as forms, properties, sessions, and caches. InterJinn |
> | also provides an extremely flexible architecture for       |
> | creating re-usable components quickly and easily.          |
> `------------------------------------------------------------'