Eric Butera wrote:
On Wed, Mar 4, 2009 at 8:18 PM, Chris <dmagick@xxxxxxxxx> wrote:
You only need to escape data coming from a user going in to your database.
If you put user input into your database and pull it back out, it's
still raw user input. Never trust any piece of data ever, whether it
comes from a superglobal OR within your app itself.
Isn't that what I said?
--
Postgresql & php tutorials
http://www.designmagick.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php