Hannes Magnusson wrote:
> Hi
>
> From the pg_escape_string() manual page: "pg_escape_string() escapes a
> string for insertion into the database. It returns an escaped string
> in the PostgreSQL format. Use of this function is recommended instead
> of addslashes()."
> And we are using addslashes() on
> http://www.php.net/manual/en/security.database.storage.php ? :)
>

Thanks for the patch!

-- 
Etienne Kneuss
http://www.colder.ch/
[EMAIL PROTECTED]