17 Oct
2005
17 Oct
'05
3:22 p.m.
On 10/17/05, garaged garaged@gmail.com wrote:
I haven't see a lot of RC code, but I don't quite see a lot of space for prepared queries.
where statements are almost all you need for most applications.
Doing the correct quotation is a good programming pratice, and it wont be corrected by prepared queries.
Max
Prepared query handlers do the correct quotations for you, if they don't then it should not be called a prepared query. Prepared queries to type checking, cache the base query, and other goodies along with proper escaping/quoting. This is why you would use prepared queries, so you don't have to worry about escaping user input for fear of injection exploits.
-- Christopher A. Watford christopher.watford@gmail.com