On Mon, 22 Mar 2004 14:36:44 -0800, Pablo Gosse wrote: > > Huh? How does this accommodate for a dynamically generated query which is > based upon user input? > Have you read my arguments? A prepared statement cannot be dynamically generated!
> > It is validated and its type set before it is inserted into the query, so > how does what you state above deal with this? > The idea is exactly not to do any queries dynamically generated based on user input! In the rare cases where this is needed you should not allow any unparsed input. -- Hilsen/Regards Michael Rasmussen -------------------------------------------------------------- You have a will that can be influenced by all with whom you come in contact. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
