Re: Quotes in queries

> Doesn't anybody use prepared statements these days? It even helps MySQL
> AND Oracle cache an execution plan...

Forgive me if I'm wrong, but:

Caching an execution plan for a prepared statement that is run only once in the script is just overhead, no?

Or can it actually re-use the same cached statement from a different connection by some magical matching up of the context??? Doesn't seem like the kind of thing that would be workable, but what do I know?

Now if you said "... allows the DB to cold-stop any SQL injection" you'd be 100% right. :-)

So MikeP should really consider using prepared statements for that reason, as it lets the DB do the escaping.

PS
I think MikeP is saying he writes the code once and gets it working, then goes back and adds the escaping in later. This is fine if you ALWAYS remember to do that, but in a frenzy to release under pressure... Bad Idea!


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
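The point made above, that a prepared statement lets the database keep the value out of the SQL text so no hand-written escaping is needed, as an added example that is not part of the thread. It is written in Python with sqlite3 so it runs stand-alone; PHP's PDO `prepare()`/`execute()` with placeholders behaves the same way. The table, rows and lookup values are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed in-memory table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("alice",), ("O'Brien",)])
    return conn


def find_user_concat(conn, name):
    """The pattern the thread warns about: the value is pasted into the SQL.
    A quote inside the value becomes part of the statement, so the parser
    sees ... WHERE name = 'O'Brien' and the query is no longer what was meant."""
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_prepared(conn, name):
    """Prepared (parameterized) statement: SQL text and value travel
    separately, so the value is never parsed as SQL and needs no escaping."""
    sql = "SELECT id, name FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo():
    """Run both variants against a name containing a quote and return the results."""
    conn = make_db()
    results = {}
    try:
        results["concat_quote"] = find_user_concat(conn, "O'Brien")
    except sqlite3.Error as exc:           # the stray quote breaks the statement
        results["concat_quote"] = "error: %s" % exc
    results["prepared_quote"] = find_user_prepared(conn, "O'Brien")
    # A value that merely looks like SQL is still just a string to the bound parameter.
    results["prepared_literal"] = find_user_prepared(conn, "alice' OR 'x'='x")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The concatenated query fails outright on a legitimate name with an apostrophe, while the prepared version returns the matching row and treats anything else as an ordinary string that simply matches nothing.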