you should definitely quote it because serialized strings can still contain quotes, semicolons, commas, etc... and other stuff thats used in sql injection attacks. On 5/24/06, phplist@xxxxxxx <phplist@xxxxxxx> wrote:
Hi, Is a serialized array a "safe" string to enter into a mysql text field? Or is a function such as mysql_real_escape_string needed to ensure it is inserted correctly? regards Simon. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
-- Scott Hurring [scott dot hurring dot lists at gmail dot com] http://hurring.com/
