> What about hacking somehow the sqlite library to disallow chained queries
> (or at least do it optionally)?

If you are unable or unwilling to verify the safety of your input, use a database that supports params + binding (like Firebird :-))

Any input obtained from the client should be considered unsafe (== tainted in Perl) and should be checked for correctness first. In the described case, casting the value to a number if it's expected to be numerical or putting quotes around it if it's expected to be a string value will solve your problem.

Disallowing chained queries will prevent *every* developer from ever using it.

Ard

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
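
The cast-or-quote advice in the reply above, next to parameter binding, as an added example that is not part of the original message or of PHP's own code. It assumes PHP's bundled `SQLite3` class and an in-memory database; the `users` table and both tainted values are constructed for illustration.

```php
<?php
// Added example: constructed schema and inputs, in-memory database only.
$db = new SQLite3(':memory:');
$db->enableExceptions(true);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, visits INTEGER DEFAULT 0)");
$db->exec("INSERT INTO users (name) VALUES ('alice')");
$db->exec("INSERT INTO users (name) VALUES ('bob')");

// Constructed tainted inputs, standing in for values read from the client.
$taintedId   = "1; DELETE FROM users";
$taintedName = "bob'; DELETE FROM users; --";

// Unsafe pattern, built here only for contrast and never executed:
// the raw value becomes part of the SQL text, so a multi-statement
// call such as exec() would also run the chained statement.
$unsafeSql = "UPDATE users SET visits = visits + 1 WHERE id = $taintedId";

// Numeric value: cast before it reaches the SQL text.
$id = (int) $taintedId;   // everything after the leading digits is dropped
$db->exec("UPDATE users SET visits = visits + 1 WHERE id = $id");

// String value: escape embedded quotes, then wrap in quotes.
// The whole input is now a single string literal that matches no row.
$quoted = "'" . SQLite3::escapeString($taintedName) . "'";
$db->exec("UPDATE users SET visits = visits + 1 WHERE name = $quoted");

// Params + binding: the value never becomes part of the SQL text at all.
$stmt = $db->prepare("UPDATE users SET visits = visits + 1 WHERE name = :name");
$stmt->bindValue(':name', $taintedName, SQLITE3_TEXT);
$stmt->execute();

// Both rows are still present, and only the row with id 1 was updated.
$rows   = $db->querySingle("SELECT COUNT(*) FROM users");
$alice  = $db->querySingle("SELECT visits FROM users WHERE id = 1");
$bob    = $db->querySingle("SELECT visits FROM users WHERE id = 2");
printf("rows=%d alice_visits=%d bob_visits=%d\n", $rows, $alice, $bob);
printf("never run: %s\n", $unsafeSql);
```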