appdb security

[EA Durbin]

>Tobias Burnus wrote:
>>
>>Why don't you use mysql_escape_string(...)?
>>http://de.php.net/manual/en/function.mysql-escape-string.php

Why not just use PEAR::DB as recommended in the book "Essential PHP 
Security", as it handles multiple SQL interfaces and escapes the data 
automatically for you, appropriately for the type of database you're using.

http://www.devshed.com/c/a/PHP/Accessing-Databases-with-DB/2/