David, Thank you for replying.
The way you write that makes me hope you understand how mysql_real_escape_string should be used. You do understand that you don't run it on the query, rather on the individual string variables that will be passed to the query.
Thank you for your concern and clarification.
I do understand the distinction, though, and although my description was terse, what I meant was that the content that is placed within the MySQL queries are screened with mysql_real_escapte_string, but the MySQL syntax of the query is left alone.
I'm pretty sure if I hadn't made that distinction, my site would have malfunctioned immediately.
Thank you for following up. -- Dave M G Ubuntu Feisty 7.04 Kernel 2.6.20-16-386 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
