On May 14, 2015, at 11:11 PM, Onatawahtaw <onatawah...@yahoo.ca> wrote:

> Hi Karl,
> If you look at the link you provided you'll notice that some of the code is 
> for ASP.net and some is for PHP. What of the two are you programming in? If 
> you are programming in ASP.net you are asking your question to the wrong 
> mailing list as this list is for PHP. If you are programming in PHP, then the 
> @ symbol does not apply to you.
> Both prepared statements and mysqli_real_escape_string do provide adequate 
> security (if used correctly).  However, my recommendation is to learn how to 
> use PDO with prepared statements. PDO also offers the benefit of being able 
> to connect to multiple types of databases without needing to change your 
> code. If you use mysqli and down the road you decide you want to use Oracle, 
> MS SQL Server, or some other database server, you will ned to rework a lot of 
> your code. Not so with PDO.
> Hope this helps,
> -Kevin Waddell
> Proverbs 3:5-6

Oh ok. Now it makes a little more sense. 
I have worked in ASP before, but I am programming in PHP and MySQL at the 

I am going to look into Prepared Statements. Thanks for your feedback. 


Karl DeSaulniers
Design Drumm

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to