On Fri, Apr 20, 2012 at 5:33 AM, Raymond O'Donnell <rod@xxxxxx> wrote:
> Yep - no need to worry about quoting if you use parameters - it's all
> done for you. It's also MUCH safer, as it makes SQL injection attacks
> much harder (if not impossible).

And in some cases, it can even be more bandwidth-efficient. I don't
know if PDO can take advantage of this, but with the
PostgreSQL-specific functions (pg_query_params etc), an alternative
protocol method is used that sends the query and its parameters
separately, to great efficiency.

ChrisA

-- 
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
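The separation described in the reply above, shown at the wire level as an added example (not code from the thread, PHP or PostgreSQL): it builds the PostgreSQL protocol version 3 frontend messages for a value spliced into the SQL text and for the same value sent as a bound parameter. The `people` table, the helper names and the sample value are assumptions, and the extended sequence is a minimal Parse/Bind/Execute/Sync without the Describe message a client library may also send.

```python
import struct

def _cstr(s: str) -> bytes:
    return s.encode("utf-8") + b"\x00"

def _msg(tag: bytes, payload: bytes) -> bytes:
    # Frontend message: 1-byte type, then an Int32 length that counts itself.
    return tag + struct.pack("!I", len(payload) + 4) + payload

def quote_literal(value: str) -> str:
    # Client-side quoting, required when the value becomes part of the SQL text.
    # Assumption: standard_conforming_strings = on, so only ' needs doubling.
    return "'" + value.replace("'", "''") + "'"

def simple_query(sql: str) -> bytes:
    # Simple protocol: one 'Q' message, data and statement in the same string.
    return _msg(b"Q", _cstr(sql))

def extended_query(sql: str, params: list) -> list:
    # Parse carries only the statement text with $n placeholders (unnamed statement).
    parse = _msg(b"P", _cstr("") + _cstr(sql) + struct.pack("!H", 0))
    # Bind: unnamed portal and statement, no format codes (all parameters are text).
    bind = _cstr("") + _cstr("") + struct.pack("!H", 0)
    bind += struct.pack("!H", len(params))
    for p in params:
        if p is None:
            bind += struct.pack("!i", -1)          # NULL has length -1 and no bytes
        else:
            raw = p.encode("utf-8")
            bind += struct.pack("!i", len(raw)) + raw  # length-prefixed, unquoted
    bind += struct.pack("!H", 0)                   # result columns in text format
    execute = _msg(b"E", _cstr("") + struct.pack("!I", 0))  # 0 = no row limit
    return [parse, _msg(b"B", bind), execute, _msg(b"S", b"")]

NAME = "O'Donnell"  # constructed sample value containing a quote character
Q = simple_query("SELECT id FROM people WHERE surname = " + quote_literal(NAME))
P, B, E, S = extended_query("SELECT id FROM people WHERE surname = $1", [NAME])

if __name__ == "__main__":
    for label, m in (("Query", Q), ("Parse", P), ("Bind", B), ("Execute", E), ("Sync", S)):
        print(f"{label:8}{m!r}")
```

In the `Bind` message the value is a length-prefixed byte string that the server never parses as SQL, which is why no quoting step exists on that path.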