Folks: I know that PDO's prepare() method checks datatypes and quotes content as needed (e.g. strings get quotes, ints don't). But according to what people say about it, it prevents SQL injection. If this is true, then what, besides proper value quoting, does it do to protect SQL statements from being SQL injections? Or is proper quoting all that's necessary? Paul -- Paul M. Foster http://noferblatz.com http://quillandmouse.com
