> Anyone have a link or links to how to definitively make safe inserts to > databases with form information?
It's a good idea to validate all data you're sticking in before you do. For example, if you have a numeric field, you don't want the person to be able to submit letters in that field. So, always check that the data is formatted the way you want it to be before sending it to the database. I usually use preg_replace() to remove undesireable characters. If you want text to go into a field and want people to be able to have quotes and other such items in there, then use addslashes(). --Dan -- PHP classes that make web design easier SQL Solution | Layout Solution | Form Solution sqlsolution.info | layoutsolution.info | formsolution.info T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y 4015 7 Av #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php