Hi Sam, Although what you refer to applies more generally (e.g., the SQLite C API has support for it), in this case the best reference would be the PHP Manual's entry on the PDO extension: http://www.php.net/manual/en/ref.pdo.php
In particular, read the section on "Prepared statements and stored procedures". For further reading: http://www.php.net/manual/en/function.PDO-prepare.php http://www.php.net/manual/en/function.PDOStatement-bindParam.php Regards, Eugene Wee Sam Carleton wrote: > This might be a really basic question and it might be PHP related, not > SQLite, I am not sure... > > I know that the traditional way to do a delete would be this: > > DELETE FROM users WHERE ipaddress = '192.168.1.1' > > But I have also seen syntax where the actual statement does NOT > contain the '192.168.1.1' but rather a ? and then the value is set as > a parameter on, in my case, PDO object. It is my understanding that > using the ? is much more secure then the traditional way above. Where > might I go to learn more about the ? way of doing a delete? > > Sam _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users