Re: MySql Injection advice

At 3:53 PM -0400 7/12/09, Paul M Foster wrote:
On Sun, Jul 12, 2009 at 09:07:45AM -0400, tedd wrote:

<snip>


 As for prepared statements, I'm no authority on them, but from what
 I've read they are not going to be something I'll be practicing
 anytime soon.

Aside from Stuart's comments about slowness, what else have you read
that makes you discount the use of prepared statements? The PDO class
emphasizes that you're safe from SQL injection exploits, which seems a
big plus.

Paul

Paul:

As I said, I'm no authority. However, as I have read, prepared statements are for a limited set of instructions in MySQL. They can't be used for everything. Why should I learn one way to do something that isn't universal in the language?

Additionally, I think the way I sanitize data is sufficient AND I understand it. *My* learning curve may introduce security problems that I am not willing to risk, at this moment. As I said, I have more than enough on my plate to digest -- including learning non-prepared statements in MySQL.

Cheers,

tedd

--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
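
The two points raised in this exchange, as an added PHP example that is not from either poster: PDO placeholders bind values, so quotes in input stay data, while identifiers such as an ORDER BY column cannot be bound and are mapped through an allowlist instead. An in-memory SQLite database stands in for MySQL so the script runs offline; the `users` table and `findUsers()` are hypothetical.

```php
<?php
// Added example. SQLite in memory is an assumption made so this runs offline;
// the same PDO calls apply with the MySQL driver.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also turn off emulation so the server does the binding:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

// Hypothetical table with constructed sample rows.
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$insert = $pdo->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');
foreach ([["O'Brien", 'ob@example.test'], ['Alice', 'alice@example.test']] as [$n, $e]) {
    $insert->execute([':name' => $n, ':email' => $e]);
}

/**
 * Look up users by exact name, sorted by a caller-chosen column.
 * The name is bound as a value; the sort column goes through an allowlist.
 */
function findUsers(PDO $pdo, string $name, string $sortBy): array
{
    // Placeholders cannot stand in for identifiers, so only fixed,
    // known column names ever reach the SQL text.
    $sortable = ['id' => 'id', 'name' => 'name', 'email' => 'email'];
    $column = $sortable[$sortBy] ?? 'id';

    $stmt = $pdo->prepare(
        "SELECT id, name, email FROM users WHERE name = :name ORDER BY $column"
    );
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a legitimate name containing a quote, a value shaped
// like SQL, and a sort key that is not on the allowlist.
$cases = [
    ["O'Brien", 'email'],
    ["x' OR 'a'='a", 'name'],
    ['Alice', 'not_a_column'],
];
foreach ($cases as [$name, $sortBy]) {
    $rows = findUsers($pdo, $name, $sortBy);
    printf("%-16s sort=%-14s rows=%d\n", $name, $sortBy, count($rows));
}
```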

