On Fri, 2010-02-19 at 15:18 +0200, Dotan Cohen wrote:
> In order to prevent SQL injection, can one simply base64 encode the
> data and store that? Then it can be decoded when I need to display it
> on a website. I understand that this means that the data will not be
> searchable, and that I still must sanitize it before printing it on
> the site. Are there any other drawbacks or things to be aware of?
> Thanks.
>
> --
> Dotan Cohen
>
> http://what-is-what.com
> http://gibberish.co.il
>
> Please CC me if you want to be sure that I read your message. I do not
> read all list mail.
>

I assume this would work. I always use mysql_real_escape_string(), although that would predetermine your choice of database. That would allow your content to be searchable though.

Thanks,
Ash
http://www.ashleysheridan.co.uk
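The trade-offs raised in this thread (a quote breaking a concatenated statement, base64 keeping the value inside its literal, the loss of searchability, and the need to escape on output), as an added example that is not part of either message. It assumes Python's built-in sqlite3 in place of PHP and MySQL so that it runs offline; the table name, sample text and function names are constructed for illustration.

```python
import base64
import html
import sqlite3

# Constructed sample input: ordinary text containing a quote and markup.
SAMPLE = "O'Reilly & Sons <b>"


def b64(text: str) -> str:
    """Base64-encode a string and return the ASCII result."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def run_demo(text: str = SAMPLE) -> dict:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (body TEXT)")
    result = {}

    # 1. Raw value concatenated into the statement: the quote in the data
    #    ends the string literal early and the statement no longer parses.
    try:
        db.execute("INSERT INTO posts (body) VALUES ('" + text + "')")
        result["raw_insert_ok"] = True
    except sqlite3.Error:
        result["raw_insert_ok"] = False

    # 2. Base64 output contains only A-Z a-z 0-9 + / =, so the encoded
    #    value cannot close the literal it is placed in.
    encoded = b64(text)
    result["encoded_has_quote"] = "'" in encoded
    db.execute("INSERT INTO posts (body) VALUES ('" + encoded + "')")

    # 3. The stored value decodes back to exactly what was submitted.
    stored = db.execute("SELECT body FROM posts").fetchone()[0]
    decoded = base64.b64decode(stored).decode("utf-8")
    result["round_trip"] = decoded == text

    # 4. Searching the encoded column for an encoded word misses: the word's
    #    encoding only appears when it starts on a 3-byte boundary of the text.
    query = "SELECT COUNT(*) FROM posts WHERE instr(body, '" + b64("Reilly") + "') > 0"
    result["search_hits"] = db.execute(query).fetchone()[0]

    # 5. Decoding returns the markup unchanged, so output escaping is still needed.
    result["html"] = html.escape(decoded)
    return result


if __name__ == "__main__":
    print(run_demo())
```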