> If you're sure that all your data is UTF-8, and that > all user-supplied data is *actually valid* UTF-8 (and > not deliberately or accidentally malformed), then > mysql_escape_string() should be just fine [1]. >
I cannot ensure that the users will not be malicious, even if it is all internal users. -- Dotan Cohen http://what-is-what.com http://gibberish.co.il -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
