Hi Haluk,

all your mentioned actions secure SQL statements against SQL injection, but why invent the wheel another time if you could use prepared statements that do all this for you?

Storing values with htmlentities escaped in the database is highly discouraged. It makes searching more complicated.

Marco Behnke
Dipl. Informatiker (FH), SAE Audio Engineer Diploma
Zend Certified Engineer PHP 5.3

Tel.: 0174 / 9722336
e-Mail: marco@xxxxxxxxxx

Softwaretechnik Behnke
Heinrich-Heine-Str. 7D
21218 Seevetal

http://www.behnke.biz

--
PHP General Mailing List (http://www.php.net/)
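The two points in the message above, shown as an added example that is not part of the original post: a PDO prepared statement binds the value without manual escaping, and a row stored through htmlentities() no longer matches a plain search. The in-memory SQLite database, the `customers` table, its columns and the sample value are constructed for illustration, and the pdo_sqlite extension is assumed to be available.

```php
<?php
// Added example: table, columns and sample value are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, how TEXT)');

// Constructed input with characters that are special in SQL and in HTML.
$input = "O'Brien & Sons";

$insert = $pdo->prepare('INSERT INTO customers (name, how) VALUES (:name, :how)');

// Row 1: raw value bound as a parameter. The value travels separately from
// the SQL text, so the quote cannot change the statement.
$insert->execute([':name' => $input, ':how' => 'raw']);

// Row 2: the discouraged variant, HTML-escaped before storage.
$insert->execute([
    ':name' => htmlentities($input, ENT_QUOTES, 'UTF-8'),
    ':how'  => 'htmlentities',
]);

// Search for the name as a user would type it, again with a bound parameter.
$search = $pdo->prepare('SELECT how, name FROM customers WHERE name LIKE :term');
$search->execute([':term' => "%O'Brien%"]);
$hits = $search->fetchAll(PDO::FETCH_ASSOC);

// Only the row stored raw is found; the escaped row holds entity text instead
// of the quote and would need an escaped search term to match.
foreach ($hits as $row) {
    echo "match ({$row['how']}): {$row['name']}\n";
}

// Show what was actually stored in each row.
foreach ($pdo->query('SELECT how, name FROM customers ORDER BY id') as $row) {
    echo "stored ({$row['how']}): {$row['name']}\n";
}

// HTML escaping belongs at output time, applied to the raw stored value.
$stmt = $pdo->prepare('SELECT name FROM customers WHERE how = :how');
$stmt->execute([':how' => 'raw']);
echo '<td>' . htmlspecialchars($stmt->fetchColumn(), ENT_QUOTES, 'UTF-8') . "</td>\n";
```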