Hi Jacob, Yes, you need to do more than just using mysql_real_escape_string() solely. I recommend the book "SQL Antipatterns: Avoiding the Pitfalls of Database Programming" by Bill Karwin
http://www.amazon.com/SQL-Antipatterns-Programming-Pragmatic-Programmers/dp/1934356557 -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
