> I think you misunderstood me. I already have an AuthenticateUser(TEXT,TEXT)
> function that works great. What I don't understand is how to get PHP to
> use placeholders for data binding. This is a more generic database issue. I
> could have also written:
>
> "INSERT INTO foo (a,b) VALUES (?,?)"
>
> where again, the values are passed separately and are *not* interpolated
> into the query. That's the point - not interpolating your values to
> protect against insertion attack.

I'm sure you are already doing this, but enough can't be said for validation. Make sure what you think is a number really is, and that a string is properly quoted...then this won't be a problem.

---John Holmes...

--
PHP General Mailing List (http://www.php.net/)
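
Added example, not part of the original thread: one way to get placeholder binding in PHP is PDO prepared statements, shown here with the quoted INSERT and with the integer validation the reply recommends. The in-memory SQLite database, the column types of foo, and the sample input values are assumptions constructed for this illustration.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for the real database (assumption, so the demo is self-contained).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE foo (a INTEGER, b TEXT)');

// Constructed sample input, as it might arrive from a form.
$rawA = '42';
$rawB = "x'); DROP TABLE foo; --";

// Validation first: make sure what should be a number really is one.
$a = filter_var($rawA, FILTER_VALIDATE_INT);
if ($a === false) {
    throw new InvalidArgumentException('a must be an integer');
}

// The SQL text is a constant; the values travel separately and are never
// interpolated into the query string.
$insert = $db->prepare('INSERT INTO foo (a, b) VALUES (?, ?)');
$insert->bindValue(1, $a, PDO::PARAM_INT);
$insert->bindValue(2, $rawB, PDO::PARAM_STR);
$insert->execute();

// Same pattern for reads. On a database that defines the stored function,
// the call would take the form 'SELECT AuthenticateUser(?, ?)' (assumed, not run here).
$select = $db->prepare('SELECT a, b FROM foo WHERE b = ?');
$select->execute([$rawB]);
$row = $select->fetch(PDO::FETCH_ASSOC);

// Check that the quote-laden string round-trips as plain data
// and that the table is still present with its single row.
var_dump($row['b'] === $rawB);
var_dump((int) $db->query('SELECT COUNT(*) FROM foo')->fetchColumn());
```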