>   If you're sure that all your data is UTF-8, and that
> all user-supplied data is *actually valid* UTF-8 (and
> not deliberately or accidentally malformed), then
> mysql_escape_string() should be just fine [1].

I cannot ensure that the users will not be malicious, even if it is
all internal users.

Dotan Cohen


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to