[nycphp-talk] Trying to decide between MDB2 and PHP PDO
Konstantin Rozinov
krozinov at gmail.com
Fri Jun 26 01:33:07 EDT 2009
On Thu, Jun 25, 2009 at 6:04 PM, John Campbell<jcampbell1 at gmail.com> wrote:
> On Thu, Jun 25, 2009 at 5:44 PM, Eddie Drapkin<oorza2k5 at gmail.com> wrote:
>> Wait, are you advocating //against// prepared statements?
>
> Not at all, but when using mysql, you should emulate them. I am
> actually all for "prepared" style queries, if I ever see
> "mysqli_real_escape_string" in someone's code, I immediately write the
> person off as clueless.
>
What's so clueless about using mysql_real_escape_string()? I would be
interested to find out.
More information about the talk
mailing list