On Tue, 29 Apr 2008 01:03:33 +0200, Brendan Jurd <[EMAIL PROTECTED]> wrote:

> On Tue, Apr 29, 2008 at 7:00 AM, PFC <[EMAIL PROTECTED]> wrote:
>
>> I have found that the little bit of code posted afterwards did eliminate
>> SQL holes in my PHP applications with zero developer pain; actually it is
>> MORE convenient to use than randomly pasting strings into queries.
>> You just call
>>
>> db_query( "SELECT * FROM table WHERE column1=%s AND column2=%s", array( $var1, $var2 ));
>
> Implementing this for yourself is crazy; PHP's Postgres extension
> already does this for you since 5.1.0:
>
> $result = pg_query_params("SELECT foo FROM bar WHERE baz = $1", array($baz));
>
> http://www.php.net/manual/en/function.pg-query-params.php
>
> Cheers,
> BJ

pg_query_params is quite slower actually...
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
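The two positions in the thread are compatible: a thin wrapper can keep the `db_query("... %s ...", array(...))` call shape PFC likes while handing the values to `pg_query_params()` so the server binds them and nothing from the caller is ever spliced into the SQL text. The following is an added example, not code from either poster; the `%%` escape, the placeholder/value count check and the `$conn` argument are assumptions of this example, and the connection string, table and column names are placeholders.

```php
<?php
// Added example: PFC-style "%s" wrapper implemented on top of pg_query_params().
// The values never touch the query string; they travel as bound parameters.

// Rewrite "%s" placeholders into PostgreSQL's numbered "$1, $2, ..." form.
// "%%" is passed through as a literal percent sign (assumed convention here)
// so a LIKE pattern in the SQL text itself does not get mangled.
function convert_placeholders(string $sql, array $params): string
{
    $n = 0;
    $converted = preg_replace_callback('/%%|%s/', function (array $m) use (&$n): string {
        if ($m[0] === '%%') {
            return '%';
        }
        $n++;
        return '$' . $n;
    }, $sql);

    // A placeholder/value mismatch is the classic wrapper bug: refuse rather
    // than silently pair the wrong value with the wrong column.
    if ($n !== count($params)) {
        throw new InvalidArgumentException(
            "query has $n placeholder(s) but " . count($params) . " value(s) were supplied"
        );
    }
    return $converted;
}

// Same signature shape PFC's wrapper used, plus the connection resource.
// $conn comes from pg_connect() elsewhere in the application.
function db_query($conn, string $sql, array $params = [])
{
    $converted = convert_placeholders($sql, $params);
    // Server-side binding: the driver sends query text and values separately,
    // so a quote or semicolon inside a value is just data.
    $result = pg_query_params($conn, $converted, $params);
    if ($result === false) {
        throw new RuntimeException('query failed: ' . pg_last_error($conn));
    }
    return $result;
}

// Usage (connection string, table and columns are placeholders):
// $conn = pg_connect('dbname=app');
// $untrusted = "O'Brien";   // the apostrophe is bound as data, not interpolated
// $res = db_query($conn,
//     "SELECT * FROM table WHERE column1=%s AND column2=%s",
//     [$untrusted, 42]);
// while ($row = pg_fetch_assoc($res)) { /* ... */ }
```

Two practical notes. First, keep user-controlled text out of the SQL string entirely: a LIKE pattern such as `'%foo%'` should itself be a bound parameter (`column LIKE %s` with the pattern in the array), which also avoids the converter seeing a `%s` that was meant literally. Second, on PFC's performance remark: `pg_query_params()` goes through the extended query protocol with a separate parse/bind step, so it can cost more per call than a single simple query, but that should be measured on the real workload before it is allowed to decide between bound parameters and hand-rolled escaping.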