I agree, but they all provide some level of handling; it just might not be the
'most correct' way of handling it.
bastien

> Subject: RE: [PHP] mysql input
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> CC: [EMAIL PROTECTED]; php-general@lists.php.net
> Date: Mon, 18 Feb 2008 23:31:21 -0500
>
> On Mon, 2008-02-18 at 23:19 -0500, Bastien Koert wrote:
> > mysql_real_escape_string()
> > addslashes()
> > htmlentities()
> >
> > take your pick
>
> That's a bad answer. If he's using MySQL then he SHOULD use
> mysql_real_escape_string(). None of the other functions will fully
> protect him from malicious input.
>
> Cheers,
> Rob.
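
The three functions named in this thread treat the bytes that matter inside a MySQL string literal differently. The script below is an added illustration, not code from either poster: `documented_mysql_set()` is a hypothetical stand-in that covers only the bytes the PHP manual lists for `mysql_real_escape_string()`, because the real function needs a live connection and also honours that connection's character set.

```php
<?php
// Added illustration, not code from the thread.

// Stand-in (assumption) for the bytes the PHP manual lists for
// mysql_real_escape_string(): NUL, \n, \r, \, ', " and Ctrl-Z.
// It ignores the connection character set, which the real function uses.
function documented_mysql_set(string $s): string
{
    return strtr($s, [
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'" => "\\'", '"' => '\\"', "\x1a" => "\\Z",
    ]);
}

// True when the byte came back prefixed with a backslash, i.e. escaped for
// a MySQL string literal rather than left alone or turned into an HTML entity.
function backslash_escaped(callable $f, string $byte): bool
{
    $out = $f("a{$byte}b");
    return strlen($out) === 4 && $out[1] === "\\";
}

$functions = [
    'addslashes'   => 'addslashes',
    'htmlentities' => fn(string $s): string => htmlentities($s, ENT_COMPAT, 'UTF-8'),
    'mysql set'    => 'documented_mysql_set',
];

// Constructed sample bytes, one per row of the table.
$bytes = [
    'NUL' => "\0", 'LF' => "\n", 'CR' => "\r", 'backslash' => "\\",
    'single quote' => "'", 'double quote' => '"', 'Ctrl-Z' => "\x1a",
];

printf("%-14s", 'byte');
foreach (array_keys($functions) as $name) {
    printf("%-14s", $name);
}
echo "\n";

foreach ($bytes as $label => $byte) {
    printf("%-14s", $label);
    foreach ($functions as $f) {
        printf("%-14s", backslash_escaped($f, $byte) ? 'escaped' : 'not escaped');
    }
    echo "\n";
}
```

Run with the PHP CLI (7.4 or later); the table shows, byte by byte, which function backslash-escapes it.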