php strings demo
Graham Fawcett
fawcett at uwindsor.ca
Tue Nov 23 08:06:18 PST 2010
On Sat, 20 Nov 2010 18:03:34 -0500, Kagamin wrote:
> Adam D. Ruppe Wrote:
>
>> Meh, I find the placeholders to be much better (safer too):
>>
>> db.query("select id from objects where type = ?", typeName);
>
> I use it too, but found it hard to maintain/check ordering and meaning
> of parameters when you edit the query, add or remove parameters.

Isn't that a small price to pay to avoid SQL injection attacks?

Best,
Graham
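
The trade-off discussed in this thread, as an added example that is not part of the original posts: it uses Python's standard sqlite3 module rather than the db.query API quoted above, and the table contents, function names and test input are constructed for illustration. It compares a string-built query, positional "?" placeholders, and named placeholders, which keep the injection safety while removing the ordering problem.

```python
import sqlite3

def make_db():
    # Constructed sample data, not from the original thread.
    db = sqlite3.connect(":memory:")
    db.execute("create table objects (id integer primary key, type text, owner text)")
    db.executemany(
        "insert into objects (type, owner) values (?, ?)",
        [("widget", "alice"), ("widget", "bob"), ("gadget", "alice")],
    )
    return db

def ids_interpolated(db, type_name):
    # String-built query: the input becomes part of the SQL text itself.
    sql = "select id from objects where type = '%s' order by id" % type_name
    return [row[0] for row in db.execute(sql)]

def ids_positional(db, type_name, owner):
    # Positional placeholders: values are bound as data, in order, so the
    # tuple must be kept in step with the "?" marks when the query is edited.
    sql = "select id from objects where type = ? and owner = ? order by id"
    return [row[0] for row in db.execute(sql, (type_name, owner))]

def ids_named(db, type_name, owner):
    # Named placeholders: still bound as data, but matched by name, so
    # reordering or adding conditions cannot misalign the values.
    sql = "select id from objects where owner = :owner and type = :type order by id"
    return [row[0] for row in db.execute(sql, {"type": type_name, "owner": owner})]

if __name__ == "__main__":
    db = make_db()
    quoted_input = "x' or '1'='1"  # constructed input containing SQL syntax
    print("interpolated:", ids_interpolated(db, quoted_input))
    print("positional:  ", ids_positional(db, quoted_input, "alice"))
    print("swapped args:", ids_positional(db, "alice", "widget"))
    print("named:       ", ids_named(db, "widget", "alice"))
```

The swapped-argument call is the maintenance hazard raised in the quoted reply: it raises no error and simply matches nothing.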