However, it's still vulnerable to other SQL injection based attacks, so you should validate and escape all your input as necessary anyway.<br><br>And please don't use the direct MySQL driver calls.