Hi,

I was just doing some reading through threads about security issues and PHP. There were a few things that I would like clarified.

"As a general rule, always escape any variable which will be used in a query, where the value of the variable was obtained from "outside" e.g. a form post or a cookie - you'll feel generally more relaxed if you do...." - Exactly how do you 'escape' a variable?

Another post mentioned that you should not use quotes around any variables that have numeric values in a query. Does this mean I should be writing
PHP Code:
<?php
$number = 3;

$sql = "select * from ages where age = $number ";

// rather than
$sql = "select * from ages where age = '$number' ";
?>
?
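
The two cases asked about above, as an added example that is not part of the original post: a numeric value validated as an integer and bound as a parameter, and a string value escaped by hand. It assumes PHP 7.1+ with the pdo_sqlite driver; the in-memory table, its rows, the function names and the sample inputs are constructed for illustration.

```php
<?php
// Constructed in-memory table standing in for the "ages" table in the post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ages (name TEXT, age INTEGER)');
$db->exec("INSERT INTO ages VALUES ('ann', 3), ('bob', 40), ('o''neil', 3)");

// Numeric value: validate it as an integer before it goes near the query,
// then bind it as a parameter so it is never parsed as SQL text.
// Returns the matching names, or null when the input is not an integer.
function namesByAge(PDO $db, $input): ?array
{
    $age = filter_var($input, FILTER_VALIDATE_INT);
    if ($age === false) {
        return null; // reject instead of interpolating into the query
    }
    $stmt = $db->prepare('SELECT name FROM ages WHERE age = ? ORDER BY name');
    $stmt->execute([$age]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// String value, escaped by hand: PDO::quote() adds the surrounding quotes
// and escapes quote characters inside the value for the driver in use.
function agesByNameEscaped(PDO $db, string $name): array
{
    $sql = 'SELECT age FROM ages WHERE name = ' . $db->quote($name);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample inputs, as they might arrive from a form post.
var_dump(namesByAge($db, '3'));             // a well-formed integer
var_dump(namesByAge($db, '3 OR 1=1'));      // not an integer: rejected
var_dump(agesByNameEscaped($db, "o'neil")); // embedded quote stays data
```

With the unquoted form `age = $number`, the integer check is what keeps the value from being read as SQL; quoting a string without escaping it gives no such protection, which is why the second function goes through `PDO::quote()`.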