I'm coming back to PHP after a number of years and I was wondering what the current "best practice" is regarding MySQL queries. I've read about mysql_real_escape_string() and validation, and doing a str_replace on certain words. At one time I saw a parameter-based thing like ASP.NET has, but I can't find it now. I would really appreciate any "up to date" suggestions or advice on this or any other PHP/MySQL security practice.
Thanks