https://www.webmaster-forums.net/crss/node/1036520 en https://www.webmaster-forums.net/serverside-scripting/php-mysql-injection-phplist#comment-1210179 <p>Yup... make sure you validate EVERYTHING that the user enters as accurately as you can. For instance you know a phone number should only consist of numbers and at a push + space and brackets but nothing else. There are loads of great regular expressions at regexlib.com that you can use to validate all sorts of data.</p> Wed, 08 Nov 2006 13:53:47 +0000 andy206uk comment 1210179 at https://www.webmaster-forums.net