>>Then if you use a MySQL database you would escape the string like this
>>$tmp = mysql_real_escape_string($_REQUEST['yyy']);

>>mysql_real_escape_string() protect from SQL injection by escaping your 
>>string according to what your charset requires.

Good point, I should be doing that. But only to String, not data stored in 
MySQL as Int or Date, etc.


PHP General Mailing List (
To unsubscribe, visit:

Reply via email to