On Wed, Mar 4, 2009 at 8:04 PM, PJ <af.gour...@videotron.ca> wrote some stuff...

You should do a little reading on some of the keywords that have been presented.

Specifically you don't sanitize a value into your db.  You escape it.
Prepared statements are a way of doing this that makes it a bit harder
to mess up.  You have to have a connection to the server to properly
escape your value because databases can have lots of different
character encodings.  Just blindly assuming latin1 is wrong.

http://www.voom.me | EFnet: #voom

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to