mysql_real_escape_string
#1

Code:
It does not escape % and _. These are wildcards in MySQL if combined with LIKE, GRANT, or REVOKE.
It means I have to self-check? In what query can _ hurt?
#2

As long as you don't use LIKE, GRANT or REVOKE there's nothing to worry about. GRANT and REVOKE especially are related to permissions and should in most cases be set by the database admin (you) rather than through code.

LIKE can be a bit more cumbersome since that's used to search for something; e.g.: show me all players with a name that starts with Mike.
PHP code:
SELECT name FROM player WHERE name LIKE 'Mike%' 
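Added example, not part of either post: the LIKE wildcard behaviour discussed in this thread, shown with a prefix search whose input contains % or _, next to a version that escapes them. It uses Python's built-in sqlite3 as an offline stand-in for MySQL; the table contents and the function names (escape_like, search_naive, search_escaped) are constructed for illustration.

```python
import sqlite3

def escape_like(term, esc="\\"):
    """Escape the LIKE metacharacters % and _ (and the escape character itself)."""
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))

def make_db():
    # Constructed sample data, not taken from the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE player (name TEXT)")
    db.executemany("INSERT INTO player VALUES (?)",
                   [("Mike",), ("Mike_99",), ("MikeX99",), ("Anna",), ("50%off",)])
    return db

def search_naive(db, prefix):
    # The bound parameter keeps the input out of the SQL syntax, but % and _
    # inside the value are still interpreted as wildcards by LIKE.
    rows = db.execute(
        "SELECT name FROM player WHERE name LIKE ? ORDER BY name",
        (prefix + "%",))
    return [r[0] for r in rows]

def search_escaped(db, prefix):
    # Escape the user-supplied part; only the trailing % we append is a wildcard.
    # SQLite needs the explicit ESCAPE clause. In MySQL the backslash is the
    # default LIKE escape character, so the clause is optional there.
    rows = db.execute(
        "SELECT name FROM player WHERE name LIKE ? ESCAPE '\\' ORDER BY name",
        (escape_like(prefix) + "%",))
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = make_db()
    for user_input in ("Mike_", "%"):
        print(repr(user_input), "naive:  ", search_naive(db, user_input))
        print(repr(user_input), "escaped:", search_escaped(db, user_input))
```

With the naive search, an input of "%" returns every row and "Mike_" also matches "MikeX99"; the escaped search treats both characters literally.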