On Wed, Mar 4, 2009 at 8:04 PM, PJ <af.gourmet@xxxxxxxxxxxx> wrote some stuff... You should do a little reading on some of the keywords that have been presented. Specifically you don't sanitize a value into your db. You escape it. Prepared statements are a way of doing this that makes it a bit harder to mess up. You have to have a connection to the server to properly escape your value because databases can have lots of different character encodings. Just blindly assuming latin1 is wrong. -- http://www.voom.me | EFnet: #voom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
