stripping characters

misfits

Hi all,
I was chatting to someone who told me about a problem, that you have to strip the ";'s" out of string your passing to your db because some one can delete your entire db

Has anyone hearded of this?

I have been putting together a script kinda like this

 $name = ereg_replace( ";", "", $name );

Look alright?

are there any other character's i should get rid of?

Thanks,

bubblenut

[man]strtr()[/man] would be much quicker.
Normal practice to protect the database is to use [man]addslashes()[/man] which just escapes all special characters so they are not treated as special by the database.
HTH
Bubble