>I think the more likely attack is actually due to how annoying >magic_quotes is. You have to remove it to do any work, then you have to >remember to put it back on because you aren't escaping your sql.
>David What exactly do you mean by ' You have to remove it to do any work '? Seems that the only and best way to prevent mysql injection is the combination of mysql_real_escape_string combined with value validation. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
