It is particularly valuable to use bound values when you have WWW access 
so that you block the possibility of SQL injection attacks.

Eric Minbiole wrote:
>>This is my first foray into PDO-SQLite and I saw samples using binding,
>>I am using prepare() though without binding.
>>
>>So you think that had I used binding my escape issue would not be an issue ?
> 
> 
> Correct.  Though I've not used PDO-SQLite (I use the C interface), I 
> would think that using bound parameters would eliminate your string 
> escaping issues.  I use bound parameters almost exclusively:  You never 
> have to worry about escaping or sanitizing your strings-- just let the 
> Db engine do the work for you.
> 
> A related classic: http://xkcd.com/327/
> 
> ~Eric
> _______________________________________________
> sqlite-users mailing list
> sqlite-users@sqlite.org
> http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
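The escaping problem and the bound-parameter fix discussed in this thread, as an added example that is not part of the original exchange: it uses Python's sqlite3 module, and PDO's prepare()/execute() with ? placeholders follows the same pattern. The users table and its rows are constructed for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the thread).
SAMPLE_USERS = [("alice", "secret-a"), ("bob", "secret-b"), ("o'reilly", "secret-c")]


def make_db():
    """Create an in-memory SQLite database with a small constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, token TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_interpolated(conn, name):
    """The pattern the original poster was fighting: the value is spliced into
    the SQL text, so every quote in it has to be escaped by hand.
    Returns the matching names, or an error string when the quoting breaks
    the statement."""
    sql = "SELECT name FROM users WHERE name = '%s'" % name
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.OperationalError as exc:
        return "error: %s" % exc


def lookup_bound(conn, name):
    """The advice in this thread: the SQL text is fixed and holds a ? placeholder;
    the value is bound separately and is never parsed as SQL, so a quote in it
    is just data and no escaping is needed."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


if __name__ == "__main__":
    db = make_db()
    # A plain name, a name containing a quote, and a string with stray quotes:
    # the interpolated query breaks or over-matches, the bound one does not.
    for probe in ("alice", "o'reilly", "x' OR 'a'='a"):
        print(repr(probe), "interpolated:", lookup_interpolated(db, probe),
              "bound:", lookup_bound(db, probe))
```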
