Larry Garfield wrote:

> Actually in most cases in PHP you don't get much performance. 

Exactly. 

> What you do get is added security, because prepared statements are
> cleaner and more reliable than string escaping.  Of
> course, then we run into the % problem above.

I don't really buy that - the string escaping is just a call to a mysql
API, surely that's perfectly reliable.  

How do you see prepared statements being cleaner and more reliable?


/Per Jessen, Zürich


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
