I was just doing some reading through threads about security issues and php. There were a few things that I would like clarified..
"As a general rule, always escape any variable which will be used in a query, where the value of the variable was obtained from "outside" e.g. a form post or a cookie - you'll feel generally more relaxed if you do...." - Exactly how do you 'escape' a variable?
Another post mentioned that you should not use quotes around any variables that have numeric values in a query. Does this mean I should be writing
$number = 3;
$sql = "select * from ages where age = $number ";
// rather then
$sql = "select * from ages where age = '$number' ";