John,

>>Then if you use a MySQL database you would escape the string like this
>>$tmp = mysql_real_escape_string($_REQUEST['yyy']);
>>mysql_real_escape_string() protects from SQL injection by escaping your
>>string according to what your charset requires.

Good point, I should be doing that. But only to String, not data stored in MySQL as Int or Date, etc.

-ML

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
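
For the Int and Date columns raised in this reply, an added example (not code from the thread) that validates those values by type and passes every value through a prepared statement. It assumes PDO with in-memory SQLite so it runs without a server; `int_param`, `date_param`, the `events` table and the request values are constructed for illustration.

```php
<?php
// Added example; helper names, table and sample inputs are constructed.
// Assumes the pdo_sqlite extension; the thread itself targets MySQL.

// Integer column: accept only a well-formed integer, otherwise null.
function int_param($raw): ?int
{
    $v = filter_var($raw, FILTER_VALIDATE_INT);
    return $v === false ? null : $v;
}

// Date column: accept only a real calendar date in Y-m-d form.
function date_param($raw): ?string
{
    if (!is_string($raw)) { return null; }
    $d = DateTime::createFromFormat('!Y-m-d', $raw);
    // Round-trip comparison rejects overflowed dates such as 2024-02-31.
    return ($d !== false && $d->format('Y-m-d') === $raw) ? $raw : null;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE events (id INTEGER, title TEXT, held_on TEXT)');
$db->exec("INSERT INTO events VALUES (1, 'O''Reilly meetup', '2024-03-01')");
$db->exec("INSERT INTO events VALUES (2, 'Board meeting', '2024-03-02')");

// Constructed stand-ins for $_REQUEST values.
$requests = [
    ['id' => '1',        'since' => '2024-01-01', 'title' => "O'Reilly meetup"],
    ['id' => '1 OR 1=1', 'since' => '2024-01-01', 'title' => 'x'],
    ['id' => '2',        'since' => '2024-02-31', 'title' => 'Board meeting'],
];

$stmt = $db->prepare(
    'SELECT title FROM events WHERE id = :id AND held_on >= :since AND title = :title'
);

foreach ($requests as $req) {
    $id    = int_param($req['id']);
    $since = date_param($req['since']);
    if ($id === null || $since === null) {
        echo "rejected: id={$req['id']} since={$req['since']}\n";
        continue;
    }
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':since', $since, PDO::PARAM_STR);
    $stmt->bindValue(':title', $req['title'], PDO::PARAM_STR);
    $stmt->execute();
    echo "id=$id rows=" . count($stmt->fetchAll(PDO::FETCH_COLUMN)) . "\n";
}
```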