On Tue, Mar 29, 2011 at 5:09 PM, Andrew Hutchings
<[email protected]> wrote:
> In what way unsafe?  If you mean vulnerable to an SQL injection, then

I do

> using the prepared statement API in mysqli would probably be a
> better/safer option.  Having a native prepared statement API in the
> drizzle plugin would be good but we first need support for it in
> libdrizzle (there was a blueprint for this somewhere).

Does Drizzle support prepared statements at all?

By "by design" I mean that the 'Hello Drizzle' example should use the
safe API. The safe case should be simpler than the unsafe case,
instead of the other way around, like it is now.

Something like this:

    drizzle_query("select name from users where user_id = ?", $_GET['user_id']);

-- 
Olaf

_______________________________________________
Mailing list: https://launchpad.net/~drizzle-discuss
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~drizzle-discuss
More help   : https://help.launchpad.net/ListHelp
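
Added example, not part of the original message and not Drizzle or mysqli code: a sketch of the placeholder-style call proposed above, next to the concatenated form it is meant to replace. The helper names query_params() and query_concat(), the users table contents and the request values are constructed for illustration, and PDO with an in-memory SQLite database is an assumed stand-in for a MySQL/Drizzle server so the script runs offline.

```php
<?php
// Added example: query_params() is a hypothetical helper, not a Drizzle API.
// PDO + in-memory SQLite is an assumed stand-in for a real server.

function query_params(PDO $db, string $sql, ...$params): array
{
    // The SQL text carries only ? placeholders; the values are bound
    // separately and are never parsed as SQL.
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

function query_concat(PDO $db, string $user_id): array
{
    // Unsafe "before" form: the request value becomes part of the SQL text.
    return $db->query("select name from users where user_id = " . $user_id)
              ->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data.
$db->exec("create table users (user_id integer primary key, name text)");
$db->exec("insert into users values (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Constructed request values standing in for $_GET['user_id'].
$inputs = ['2', '2 or 1=1'];

foreach ($inputs as $user_id) {
    $unsafe = query_concat($db, $user_id);
    $safe   = query_params(
        $db,
        "select name from users where user_id = ?",
        $user_id
    );
    printf(
        "%-10s concat: [%s]  placeholder: [%s]\n",
        $user_id,
        implode(',', $unsafe),
        implode(',', $safe)
    );
}
```

For the second input the concatenated query's WHERE clause is rewritten by the value itself, while the placeholder call compares user_id against the whole string as data.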
