TODO

1) sanitize string values (mysql_escape_string?)
2) restrictions for files?