David Green <simp...@gmail.com> wrote:

>Thank you all for the various suggestions.
>It now works with this:
>$find = strip_tags($find);
>$find = trim($find);
>$data = mysql_query("SELECT * FROM news_items WHERE headline LIKE
>Another "newb" question: does strip_tags() help at all in preventing
>injection attacks?
>Kind regards

strip_tags() doesn't prevent against sql injection. At best, it can protect 
slightly against xss attacks. Use mysql_real_escape_string() for sql injection.

Sent from my Android phone with K-9 Mail. Please excuse my brevity.

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to