On Feb 16, 2008 7:08 PM, Sam Carleton <[EMAIL PROTECTED]> wrote: > This might be a really basic question and it might be PHP related, not > SQLite, I am not sure... > > I know that the traditional way to do a delete would be this: > > DELETE FROM users WHERE ipaddress = '192.168.1.1' > > But I have also seen syntax where the actual statement does NOT > contain the '192.168.1.1' but rather a ? and then the value is set as > a parameter on, in my case, PDO object. It is my understanding that > using the ? is much more secure then the traditional way above. Where > might I go to learn more about the ? way of doing a delete? >
It is not any more secure, just more foolproof. You don't have to worry about injection attacks and it might even be faster, especially if you re-use the statement. -- Cory Nelson _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users