Actually no; you said "You only need to escape data coming from a user going in to your database."
Using a known variable in my app is not going to cause an sql injection problem.
switch ($value) {
case 'x':
$my_field = 1;
break;
default:
$my_field = 0;
}
an insert here with no escaping on $my_field will never cause sql injection.
--
Postgresql & php tutorials
http://www.designmagick.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
