* Hilko Bengen:

> db_query uses sprintf to replace placeholder expressions if passed
> more than one argument and it seems to me that using %s does the same
> thing as PHP's string expansion as in 4.5.3.

What about SQL injection?  Doesn't db_query protect against it, while
PHP's string expansion doesn't?


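The difference the reply asks about, as an added example that is not part of the original message and is not Drupal's own `db_query` code. It assumes a hypothetical helper `query_with_placeholders()` that escapes each argument before sprintf-style substitution, an in-memory SQLite database reached through PDO, and a constructed `users` table and input value; it goes one step beyond the thread by also running a prepared statement for comparison.

```php
<?php
// Added example, not Drupal's db_query(). Assumes the pdo_sqlite extension.

// Hypothetical helper: escape each argument, then let vsprintf() fill the placeholders.
function query_with_placeholders(PDO $db, string $template, array $args): string
{
    $escaped = array_map(function ($arg) use ($db) {
        // PDO::quote() returns the value wrapped in quotes; the template already
        // supplies the quotes around %s, so keep only the escaped inner text.
        return substr($db->quote((string) $arg), 1, -1);
    }, $args);
    return vsprintf($template, $escaped);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (name TEXT, mail TEXT)");
$db->exec("INSERT INTO users VALUES ('alice', 'alice@example.org'), ('bob', 'bob@example.org')");

// Constructed input containing a quote character, as a form field might deliver it.
$name = "nobody' OR 'a'='a";

// 1. PHP string expansion: the quote in $name ends the SQL literal early.
$expanded = "SELECT name FROM users WHERE name = '$name'";

// 2. Placeholder substitution with escaping: the quote stays inside the literal.
$substituted = query_with_placeholders($db, "SELECT name FROM users WHERE name = '%s'", [$name]);

// 3. Prepared statement: the value never becomes part of the SQL text.
$stmt = $db->prepare("SELECT name FROM users WHERE name = ?");
$stmt->execute([$name]);

// Print each generated statement and how many rows it matches.
foreach (['expansion' => $expanded, 'escaped %s' => $substituted] as $label => $sql) {
    $rows = $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
    printf("%-12s %s\n  rows: %d\n", $label, $sql, count($rows));
}
printf("%-12s rows: %d\n", 'prepared', count($stmt->fetchAll(PDO::FETCH_COLUMN)));
```

Plain `sprintf()` without the escaping step would produce the same SQL text as string expansion; any protection comes from escaping the arguments, not from the placeholder syntax.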