Hi!

I have a relatively simple question about mysqli_prepare:
When I prepare a statement and then bind parameters to it, does PHP automatically take care of escaping strings etc.?


Example:
--------

<?php
// `table` is a reserved word in MySQL, so it is quoted here; the column list was missing.
$stmt = $mysqli->prepare("SELECT * FROM `table` WHERE x=?");
$p = "5'";
$stmt->bind_param("i", $p);
$stmt->execute();
# is "5'" converted to 5 like it would be when I use intval($p)?

$stmt->reset();

$s = "'xyz' || x LIKE '%'";
$stmt->bind_param("s", $s);
$stmt->execute();
# will those "'" be escaped?
?>

Thanks for the help

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
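As an added example (not code from the original post), the script below checks what the MySQL server actually receives for the two bindings from the question: it echoes the bound values back with `SELECT ?, ?` and then uses them as a `WHERE` filter against a constructed temporary table. Host, credentials and database name are placeholders, and `get_result()` assumes the mysqlnd driver.

```php
<?php
// Added example: observe what the server receives for "i" and "s" bindings.
// Connection details are placeholders; replace them with your own.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$mysqli = new mysqli('127.0.0.1', 'user', 'password', 'testdb'); // placeholder credentials

// Constructed sample rows in a session-scoped temporary table (dropped on disconnect).
$mysqli->query("CREATE TEMPORARY TABLE t (x VARCHAR(32))");
$mysqli->query("INSERT INTO t VALUES ('5'), ('xyz'), ('other')");

$p = "5'";
$s = "'xyz' || x LIKE '%'";

// 1. Echo the bound values back. In the prepared-statement (binary) protocol the
//    values are sent separately from the SQL text, so they are never parsed as SQL
//    and no quoting or escaping takes place on the way.
$echo = $mysqli->prepare("SELECT ?, ?");
$echo->bind_param("is", $p, $s);
$echo->execute();
$echo->bind_result($i_seen, $s_seen);
$echo->fetch();
$echo->close();

// Compare the "i" binding with PHP's own integer conversion of the same string,
// and check that the "s" binding arrived unchanged, quotes included.
var_dump($i_seen == (int)$p);
var_dump($s_seen === $s);

// 2. Use the same values as a WHERE filter. The "s" value is compared as one
//    literal string, not interpreted as the expression it looks like.
$stmt = $mysqli->prepare("SELECT x FROM t WHERE x = ?");
$stmt->bind_param("i", $p);
$stmt->execute();
echo "rows matched with \"i\" binding: ", $stmt->get_result()->num_rows, PHP_EOL;

$stmt->bind_param("s", $s);
$stmt->execute();
echo "rows matched with \"s\" binding: ", $stmt->get_result()->num_rows, PHP_EOL;
$stmt->close();
$mysqli->close();
```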