On Sat, Mar 7, 2009 at 8:04 AM, Michael A. Peters <mpeters@xxxxxxx> wrote:
> In some earlier thread (I really don't want to dig to find it) I argued for
> running mysql_real_escape_string right on the _POST
>
> I must concede I was definitely wrong about that.
>
> The right place to do it is in a database abstraction class that does the
> actual insert for you, so that if you need to move your app to a different
> DB backend you just need to add the proper support to your abstraction class
> for the new DB.
>
> Let it take care of the escaping when it inserts.
>
> Anywhoo, that being said, does anyone have a suggestion for a good database
> abstraction class?
>
> Preferably one that already has decent support for several open source
> databases?
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

PDO. :) Anything else is a waste of cpu cycles.

--
http://www.voom.me | EFnet: #voom
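
What the thread settles on, shown as an added example that is not code from either poster: request data stays unmodified, and PDO binds it as parameters at insert time, so only the DSN changes when the backend does. The `comments` table, the helper function names and the sample input are assumptions made for illustration; it uses the pdo_sqlite driver with an in-memory database so it runs offline.

```php
<?php
// Added example; table name, function names and sample input are constructed.

function openDb(string $dsn): PDO
{
    // Only the DSN is backend-specific (sqlite:, mysql:, pgsql:).
    return new PDO($dsn, null, null, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // throw on SQL errors
    ]);
}

function addComment(PDO $db, string $author, string $body): void
{
    // Values travel as bound parameters and are never spliced into the SQL
    // text, so no per-backend escaping function is needed.
    $stmt = $db->prepare(
        'INSERT INTO comments (author, body) VALUES (:author, :body)'
    );
    $stmt->execute([':author' => $author, ':body' => $body]);
}

function commentsBy(PDO $db, string $author): array
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE author = :author');
    $stmt->execute([':author' => $author]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = openDb('sqlite::memory:');
$db->exec('CREATE TABLE comments (author TEXT, body TEXT)');

// Constructed input standing in for raw $_POST values: untouched until insert.
$post = ['author' => "O'Brien", 'body' => "x'); DROP TABLE comments; --"];

addComment($db, $post['author'], $post['body']);

// The quote-laden strings come back byte-for-byte as stored data.
var_dump(commentsBy($db, "O'Brien") === [$post['body']]);

// Because the request data was never pre-escaped for SQL, it can still be
// validated or HTML-escaped for output without stray backslashes in it.
echo htmlspecialchars($post['author'], ENT_QUOTES, 'UTF-8'), "\n";
```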