>> If you're using MySQL, you can use mysql_real_escape_string(). If
>> you're using another database, hopefully there is a similar function.
>
>Doesn't MySQL automatically protect against attacks like SQL injection?
>Or maybe it's that it automatically applies addslashes()? I can't
>remember exactly.
No - I don't think any database could automatically protect against SQL
injection, since the basis of that attack is the malformation of queries
before they even hit the DB. There is a magic quotes feature, which adds
slashes to request variables. You may be thinking of that:
<http://php.net/manual/en/ref.info.php#ini.magic-quotes-gpc>
---------------------------------------------------------------------
michal migurski- contact info and pgp key:
sf/ca http://mike.teczno.com/contact.html
--
PHP General Mailing List (http://www.php.net/)
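
The point made in the reply above, as an added example that is not part of the original thread: the database only ever receives the finished query string, so it cannot tell a value from query syntax unless the application escapes or binds it. It assumes PHP with the pdo_sqlite extension; an in-memory SQLite database stands in for MySQL, `PDO::quote()` stands in for the driver-specific escaping function, and the table, column and input values are constructed.

```php
<?php
// Added example. Assumptions: pdo_sqlite is available; SQLite in memory
// stands in for MySQL; table, rows and input are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (name TEXT, note TEXT)");
$db->exec("INSERT INTO users VALUES ('alice', 'note-a'), ('bob', 'note-b')");

// Constructed request value, as it might arrive in $_GET['name'].
$input = "nobody' OR '1'='1";

// 1. Concatenation: the value is spliced into the SQL text in PHP.
//    What reaches the database is a single, syntactically valid statement
//    whose WHERE clause is no longer the one the programmer wrote.
$sql  = "SELECT name FROM users WHERE name = '" . $input . "'";
$rows = $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
printf("concatenated: %s\n  rows matched: %d\n", $sql, count($rows));

// 2. Escaping with the driver's own function before building the string.
//    PDO::quote() adds the surrounding quotes and escapes the value the
//    way this particular database expects.
$sql  = "SELECT name FROM users WHERE name = " . $db->quote($input);
$rows = $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
printf("escaped:      %s\n  rows matched: %d\n", $sql, count($rows));

// 3. Bound parameter: the SQL text and the value travel separately, so
//    the value is never parsed as part of the statement.
$stmt = $db->prepare("SELECT name FROM users WHERE name = ?");
$stmt->execute([$input]);
$rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
printf("bound:        rows matched: %d\n", count($rows));
```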