Haluk Karamete <halukkaramete@xxxxxxxxx> hat am 20. Januar 2012 um 20:56 geschrieben: > Do we all agree on that? It's a plain YES or NO question right here. No, I do not agree. 1) There is no sense in cleaning up all arrays using mysql escape. This one is for escaping BEFORE using it in a query. Why should I alter all my get/post data, if not all data is passed to sql? 2) Think about big post arrays and consider 1) Why should I waste CPU time to escape all my data, even if not all data is used in sql? 3) The approach you try to re-invent here is already known, take a look at the php docs by searching for filter extension 4) What is the sense in connecting to a database at the begin of every script? What if the script will not use it, because of data validation failed? You wated a mysql connection on that. There are many more reasons, and I am sure there will be follow ups on that. Si it's a plain NO from me. Marco Behnke Dipl. Informatiker (FH), SAE Audio Engineer Diploma Zend Certified Engineer PHP 5.3 Tel.: 0174 / 9722336 e-Mail: marco@xxxxxxxxxx Softwaretechnik Behnke Heinrich-Heine-Str. 7D 21218 Seevetal http://www.behnke.biz -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php