> > And quoting integers is not a problem, I even prefer it. IMHO we should
> > tell people to quote all values so if someone "forgets" to do any sort of
> > input validation (i.e. make sure it's actually an integer) there won't be
> > a major problem otherwise problems (including SQL injection) may arise.
>
> I wouldn't recommend that you recommend that to everyone. Not all
> databases will allow you to enter a STRING into a numeric field. MySQL
> may be lenient on it, but that doesn't mean you should get in the habit
> of using it that way. Properly validate your data and none of this is an
> issue. :)

Yeah, we all know you want magic_quotes_gpc off by default too but can PHP coders really be that trusted? ;) I was only referring to MySQL, will look into the string/int index issue a bit later. Yes it would be nice if people validated data but having to write about that every time gets old. My advice wasn't ideal, I'll admit that.

Regards,
Philip

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
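
The trade-off argued in this thread, as an added example that is not part of the original messages: the same request value placed in a query unquoted, quoted, and validated as an integer. The table and column names, the function names, and the sample inputs are constructed for illustration; `addslashes()` stands in for what magic_quotes_gpc applied to request data.

```php
<?php
// Added illustration: no database is contacted, the queries are only built
// and printed so the three approaches can be compared side by side.

// Escaped but not quoted: escaping does nothing for a value that contains
// no quote characters, so the input becomes part of the SQL expression.
function unquoted_query(string $id): string {
    return "SELECT name FROM users WHERE id = " . addslashes($id);
}

// Escaped and quoted: the input stays inside one string literal. MySQL will
// compare that string with the integer column leniently; a stricter database
// may refuse the type mismatch, which is the objection raised in the reply.
function quoted_query(string $id): string {
    return "SELECT name FROM users WHERE id = '" . addslashes($id) . "'";
}

// Validated: anything that is not a positive integer is rejected before a
// query exists, so no quoting or database leniency is relied on.
function validated_query(string $id): ?string {
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        return null;
    }
    return "SELECT name FROM users WHERE id = " . $n;
}

// Constructed sample inputs: one well-formed id and two malformed values.
$inputs = ['42', '42 OR 1=1', "42' OR '1'='1"];

foreach ($inputs as $in) {
    printf("input:     %s\n", $in);
    printf("unquoted:  %s\n", unquoted_query($in));
    printf("quoted:    %s\n", quoted_query($in));
    printf("validated: %s\n\n", validated_query($in) ?? '(rejected)');
}
```

For the second input the unquoted query ends in `id = 42 OR 1=1`, the quoted query ends in `id = '42 OR 1=1'`, and the validated path rejects the value.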