Instead of relying on addslashes(), it is more secure
(and sensical) to use the database's native string
escapes. When looping through the superglobals in
main(), use mysql_real_escape_string(). Make sure to
connect to the database first!
Logged In: YES
user_id=49118
Yes, but I would like to find a more generic function since
mythreads is supposed to be db independent in a next release.
Logged In: YES
user_id=1088943
Then use something like ADOdb (or Lite); you can use the
question mark place-holders so that it will automatically
escape the input properly when it places it in the query.
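
An added example, not part of the thread or of the mythreads code: question-mark placeholders next to addslashes(). PDO with an in-memory SQLite database stands in for ADOdb so the script runs offline; ADOdb's Execute($sql, array(...)) accepts the same ? markers. The table name, column names and sample input are constructed for illustration.

```php
<?php
// PDO + SQLite is an assumption made for this example so it runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed sample input, shaped like values arriving in $_POST.
$input = [
    'author' => "O'Brien",
    'body'   => "It's a \"quoted\" line with a \\ backslash",
];

// Placeholders: the SQL text is fixed and the values are bound separately,
// so the driver applies whatever quoting its own database requires.
function save_post(PDO $db, array $in): void
{
    $stmt = $db->prepare('INSERT INTO posts (author, body) VALUES (?, ?)');
    $stmt->execute([$in['author'], $in['body']]);
}

function find_by_author(PDO $db, string $author): array
{
    $stmt = $db->prepare('SELECT author, body FROM posts WHERE author = ?');
    $stmt->execute([$author]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

save_post($db, $input);
$rows = find_by_author($db, $input['author']);

// Round-trip check: the stored values must equal the input byte for byte,
// with no stray backslashes added along the way.
echo 'rows found: ', count($rows), "\n";
echo 'author intact: ', var_export($rows[0]['author'] === $input['author'], true), "\n";
echo 'body intact: ', var_export($rows[0]['body'] === $input['body'], true), "\n";

// addslashes() emits backslash escapes. SQLite follows standard SQL, where a
// quote inside a literal is doubled instead, so the concatenated query is
// malformed on this backend: the escaping is not database independent.
$escaped = addslashes($input['author']);
try {
    $db->query("SELECT author FROM posts WHERE author = '$escaped'");
    echo "addslashes query ran\n";
} catch (PDOException $e) {
    echo 'addslashes query rejected: ', $e->getMessage(), "\n";
}
```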