note Joost I mostly agree, but AFAIK, the $dbh->quote() method is (or should be) implemented by the specific DBD driver and should always escape correctly. Now, there might be situations or database where you can't just insert a quoted string in a BLOB, but SQL injection should not be possible with a $dbh->quote()d string. <p> <del>The top post should remove the quotes around the quoted string, though, as $dbh->quote already provides them.</del> Never mind, there aren't any. <p> <!-- Node text goes above. Div tags should contain sig only --> <div class="pmsig"><div class="pmsig-157432"> <em>[id://149675|"What should it profit a man, if he should win a flame war, yet lose his cool?"]</em> </div></div> 440788 440801