On May 14, 2015, at 11:11 PM, Onatawahtaw <onatawah...@yahoo.ca> wrote:
> Hi Karl,
> If you look at the link you provided you'll notice that some of the code is
> for ASP.net and some is for PHP. What of the two are you programming in? If
> you are programming in ASP.net you are asking your question to the wrong
> mailing list as this list is for PHP. If you are programming in PHP, then the
> @ symbol does not apply to you.
> Both prepared statements and mysqli_real_escape_string do provide adequate
> security (if used correctly). However, my recommendation is to learn how to
> use PDO with prepared statements. PDO also offers the benefit of being able
> to connect to multiple types of databases without needing to change your
> code. If you use mysqli and down the road you decide you want to use Oracle,
> MS SQL Server, or some other database server, you will ned to rework a lot of
> your code. Not so with PDO.
> Hope this helps,
> -Kevin Waddell
> Proverbs 3:5-6
Oh ok. Now it makes a little more sense.
I have worked in ASP before, but I am programming in PHP and MySQL at the
I am going to look into Prepared Statements. Thanks for your feedback.
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php