On May 14, 2015, at 11:11 PM, Onatawahtaw <onatawah...@yahoo.ca> wrote:
> Hi Karl, > > If you look at the link you provided you'll notice that some of the code is > for ASP.net and some is for PHP. What of the two are you programming in? If > you are programming in ASP.net you are asking your question to the wrong > mailing list as this list is for PHP. If you are programming in PHP, then the > @ symbol does not apply to you. > > Both prepared statements and mysqli_real_escape_string do provide adequate > security (if used correctly). However, my recommendation is to learn how to > use PDO with prepared statements. PDO also offers the benefit of being able > to connect to multiple types of databases without needing to change your > code. If you use mysqli and down the road you decide you want to use Oracle, > MS SQL Server, or some other database server, you will ned to rework a lot of > your code. Not so with PDO. > > Hope this helps, > > -Kevin Waddell > Proverbs 3:5-6 Oh ok. Now it makes a little more sense. I have worked in ASP before, but I am programming in PHP and MySQL at the moment. I am going to look into Prepared Statements. Thanks for your feedback. Best, Karl DeSaulniers Design Drumm http://designdrumm.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php