

This may Why Hackers hate the MySQL function mysql_real_escape_string()  - varul
http://nscraps.com/SQL/861-how-to-prevent-sql-injection-attacks.htm

======
stephenr
How old is this article? Nobody in their right mind would run PHP4 any more,
and any development done in the last few years should be using PDO and
prepared statements.

