On Fri, Apr 20, 2012 at 5:33 AM, Raymond O'Donnell <r...@iol.ie> wrote:
> Yep - no need to worry about quoting if you use parameters - it's all
> done for you. It's also MUCH safer, as it makes SQL injection attacks
> much harder (if not impossible).
And in some cases, it can even be more bandwidth-efficient. I don't know if PDO can take advantage of this, but with the PostgreSQL-specific functions (pg_query_params etc), an alternative protocol method is used that sends the query and its parameters separately, to great efficiency.

ChrisA

--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
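The contrast the thread is describing, as an added PHP example (not code from either poster): string-spliced SQL beside pg_query_params and the PDO equivalent. The connection string, the `users` table and the `find_user_*` function names are assumed for illustration.

```php
<?php
// Added example, not from the thread. Connection details and the "users"
// table are placeholders for illustration.
$conn = pg_connect("host=localhost dbname=app user=app password=secret");

// Unsafe: the value is spliced into the SQL text, so the server cannot tell
// where the query ends and the data begins. Correct quoting is entirely
// the caller's responsibility, and one missed quote is an injection.
function find_user_unsafe($conn, string $name): array {
    $result = pg_query($conn, "SELECT id, name FROM users WHERE name = '$name'");
    return pg_fetch_all($result) ?: [];
}

// Safe: the SQL text is fixed and contains only the placeholder $1. The
// value travels to the server as a separate parameter (extended-query
// protocol), so it is always treated as data, never as SQL, and no
// client-side quoting is needed.
function find_user_safe($conn, string $name): array {
    $result = pg_query_params(
        $conn,
        'SELECT id, name FROM users WHERE name = $1', // single quotes keep the literal $1
        [$name]
    );
    return pg_fetch_all($result) ?: [];
}

// PDO equivalent. With emulated prepares turned off, pdo_pgsql uses
// server-side prepared statements, so the parameters are sent separately
// from the query text here as well.
function find_user_pdo(PDO $pdo, string $name): array {
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// A name containing a quote: the parameterised version simply matches the
// literal string O'Donnell, with nothing to escape on the client side.
var_dump(find_user_safe($conn, "O'Donnell"));
```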