Damon Getsman <[EMAIL PROTECTED]> wrote:
> PHP has great support for accessing a MySQL database,

Actually I'd say PHP's mysql support is lacking a very important
feature.  mysql_query() doesn't support parameters (or placeholders,
usually '?')  which means that unless you use
mysql_real_escape_string() on all user input you are leaving yourself
wide open for SQL injection attacks.

With all the other non-PHP mysql programming I've done you use
parameters for all user input and you don't have to worry.

It is not a big deal, but I've had it drummed into me to always use
parameters for user input and I was really surprised PHP didn't have
them.

-- 
Nick Craig-Wood <[EMAIL PROTECTED]> -- http://www.craig-wood.com/nick
--
http://mail.python.org/mailman/listinfo/python-list
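As an added illustration of the point made above about parameters versus splicing user input into the query text (example code written for this page, not from the poster or from PHP), the snippet below shows the two styles side by side in Python's DB-API. It assumes an in-memory SQLite table as a stand-in for MySQL (with a real MySQL driver such as MySQLdb the placeholder is `%s` rather than `?`, but the principle is the same); the table contents and the crafted input are constructed sample data, and the function names are hypothetical.

```python
import sqlite3

# Constructed sample data: a tiny in-memory user table standing in for a MySQL table.
# The third name contains an apostrophe on purpose, the kind of legitimate input
# that breaks a spliced-together query but is harmless with parameters.
SAMPLE_USERS = [("alice", "s3cret-a"), ("bob", "s3cret-b"), ("o'brien", "s3cret-c")]


def make_db():
    """Create the sample table (hypothetical helper)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def find_user_unsafe(conn, name):
    """Vulnerable lookup: user input is spliced straight into the SQL text.

    This is the same mistake as calling mysql_query() on a string that was
    never passed through mysql_real_escape_string().
    """
    sql = "SELECT name FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, name):
    """Parameterized lookup: the value travels separately from the SQL text,
    so quotes inside it are data, never syntax. Nothing needs escaping."""
    cur = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in cur]


def demo():
    """Run both lookups against a crafted input and a legitimate apostrophe name."""
    conn = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input that changes the query's logic
    return {
        "unsafe": find_user_unsafe(conn, crafted),   # every row leaks
        "safe": find_user_safe(conn, crafted),       # no such user: []
        "safe_quote": find_user_safe(conn, "o'brien"),  # apostrophe handled for free
    }


if __name__ == "__main__":
    print(demo())
```

Running it shows the spliced query returning all three users for the crafted input, while the parameterized query returns nothing for it and still finds `o'brien` without any escaping code on the caller's side.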