On 10/17/05, garaged <[EMAIL PROTECTED]> wrote:
> I haven't seen a lot of RC code, but I don't quite see a lot of space
> for prepared queries.
>
> where statements are almost all you need for most applications.
>
> Doing the correct quotation is a good programming practice, and it won't
> be corrected by prepared queries.
>
> Max
>

Prepared query handlers do the correct quotations for you; if they
don't, then it should not be called a prepared query. Prepared queries
do type checking, cache the base query, and other goodies along with
proper escaping/quoting. This is why you would use prepared queries,
so you don't have to worry about escaping user input for fear of
injection exploits.

--
Christopher A. Watford
[EMAIL PROTECTED]
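
The difference discussed in this thread, as an added example that is not part of the original messages or of the RC code base: the same WHERE lookup written with no quoting, with hand quoting, and as a prepared query with a bound parameter. It uses Python's built-in sqlite3 module; the table, column names and sample rows are constructed for illustration.

```python
import sqlite3

# Constructed sample data; the schema is an assumption for this example.
ROWS = [("alice", "lunch"), ("bob", "payroll"), ("o'brien", "hello")]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, owner TEXT, subject TEXT)")
    db.executemany("INSERT INTO messages (owner, subject) VALUES (?, ?)", ROWS)
    return db

def by_concat(db, owner):
    """Input pasted into the SQL text with no quoting at all."""
    sql = "SELECT subject FROM messages WHERE owner = '" + owner + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def by_hand_quoting(db, owner):
    """Manual quoting: double every single quote inside the literal.
    Correct for SQLite string literals, but the rule differs per engine
    and has to be repeated at every call site."""
    literal = "'" + owner.replace("'", "''") + "'"
    sql = "SELECT subject FROM messages WHERE owner = " + literal + " ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def by_prepared(db, owner):
    """Prepared query: the SQL text is fixed, the value is bound separately
    and never parsed as SQL."""
    sql = "SELECT subject FROM messages WHERE owner = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (owner,))]

def run(fn, owner):
    """Run one lookup on a fresh database; report errors by class name."""
    db = make_db()
    try:
        return fn(db, owner)
    except sqlite3.Error as exc:
        return "error: " + type(exc).__name__
    finally:
        db.close()

if __name__ == "__main__":
    # A plain name, a legitimate name containing a quote, and input that
    # tries to change the WHERE clause.
    for owner in ("alice", "o'brien", "x' OR '1'='1"):
        for fn in (by_concat, by_hand_quoting, by_prepared):
            print(f"{fn.__name__:16} {owner!r:18} -> {run(fn, owner)}")
```
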

