I'm creating a forum in php where users are able to store comments in a text field (think blog comments). To prevent SQL injection, I'm using the php function mysql_real_escape_string() on data going into the text field. Is this really enough to be safe, or should I be doing more?
Thanks in advance. Dotan Cohen http://what-is-what.com/what_is/bluetooth.html -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
