I am very used to using MySQL and mysql_real_escape_string(), but I have been given a new PHP project that uses ODBC.
What is the correct way to escape user input in a SQL string?
Is addslashes() sufficient?
I would like to get this right now rather than later!