wez Thu Nov 24 14:05:49 2005 EDT
Modified files: /phpdoc/en/reference/pdo/functions PDO-quote.xml Log: tweak http://cvs.php.net/diff.php/phpdoc/en/reference/pdo/functions/PDO-quote.xml?r1=1.5&r2=1.6&ty=u Index: phpdoc/en/reference/pdo/functions/PDO-quote.xml diff -u phpdoc/en/reference/pdo/functions/PDO-quote.xml:1.5 phpdoc/en/reference/pdo/functions/PDO-quote.xml:1.6 --- phpdoc/en/reference/pdo/functions/PDO-quote.xml:1.5 Thu Oct 20 16:29:47 2005 +++ phpdoc/en/reference/pdo/functions/PDO-quote.xml Thu Nov 24 14:05:47 2005 @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="iso-8859-1"?> -<!-- $Revision: 1.5 $ --> +<!-- $Revision: 1.6 $ --> <!-- Generated by xml_proto.php v2.2. Found in /scripts directory of phpdoc. --> <refentry id="function.PDO-quote"> <refnamediv> @@ -17,8 +17,8 @@ </methodsynopsis> <para> - <function>PDO::quote</function> places quotes around the input - string and escapes and single quotes within the input string, using a + <function>PDO::quote</function> places quotes around the input string (if + required) and escapes special characters within the input string, using a quoting style appropriate to the underlying driver. </para> <para> @@ -26,10 +26,10 @@ <emphasis>strongly</emphasis> recommended to use <function>PDO::prepare</function> to prepare SQL statements with bound parameters instead of using <function>PDO::quote</function> to interpolate - user input into a SQL statement. Prepared statements with bound parameters - are not only more portable, more convenient, and vastly more secure, but - are often much faster than interpolating user input into slight variations - on the same basic SQL statement. + user input into a SQL statement. Prepared statements with bound parameters + are not only more portable, more convenient, immune to SQL injection, but + are often much faster to execute than interpolated queries, as both the + server and client side can cache a compiled form of the query. </para> <para> Not all PDO drivers implement this method (notably PDO_ODBC). Consider
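Review bot: in the second hunk, "(if required)" leaves the reader guessing when PDO::quote will omit the surrounding quotes; since the same sentence already says the quoting style is driver-specific, state that the decision is made by the driver, e.g. "places quotes around the input string (where the driver's quoting style requires them) and escapes special characters within it". Also "escapes special characters" is vaguer than the old "single quotes" wording; if the intent is that the set of escaped characters also depends on the driver, say so in the same clause.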
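Review bot: in the third hunk, "immune to SQL injection" is an absolute claim that the surrounding text does not support; bound parameters protect the bound values, not any part of the statement text the application still builds by string concatenation, so "not vulnerable to SQL injection through the bound values" would be accurate. The same sentence has also lost its conjunction: "more portable, more convenient, immune to SQL injection, but" needs "and" before the last item of the list.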