I'm getting started on a new program and I've been advised (here) to use Data Access Objects, and so far, I'm delighted. My code is so much cleaner and happier 🙂
I was wondering about escaping user-entered data: basically, functions like addslashes() and mysql_real_escape_string().
Should they be the responsibility of the Data Access Object's Class and Methods? Or should they be the responsibility of the script that calls those methods?
How do you guys feel about this?