Re: [PHP-DOC] cvs: phpdoc /en/reference/pdo/functions PDO-quote.xml
by Dan Scott
Aug 31 2005 4:27AM
Yup -- that's the part that currently reads "Not all PDO drivers implement 
this method (notably PDO_ODBC). Consider using prepared statements instead."

I suppose I could say why PDO_ODBC does not implement it, and never will, to 
try and reduce the number of user notes.

Dan

On 8/30/05, Wez Furlong <kingwez@[...].com>  wrote:
>  
>  And PDO::quote() does nothing for ODBC, because it currently has no
>  idea what dialect of SQL is spoken by the underlying ODBC driver.
>  
>  --Wez.
>  
>  On 8/30/05, Dan Scott <dbs@[...].net> wrote:
>  > dbs Tue Aug 30 20:56:36 2005 EDT
>  >
>  > Modified files:
>  > /phpdoc/en/reference/pdo/functions PDO-quote.xml
>  > Log:
>  > Emphasize the usefulness of prepared statements vs. quoted input.
>  >
>  >
>  > 
>  http://cvs.php.net/diff.php/phpdoc/en/reference/pdo/functions/PDO-quote.xml?r1=1.2&r2=1.3&
ty=u
>  > Index: phpdoc/en/reference/pdo/functions/PDO-quote.xml
>  > diff -u phpdoc/en/reference/pdo/functions/PDO-quote.xml:1.2phpdoc/en/reference/pdo/funct
ions/PDO-
>  quote.xml:1.3
>  > --- phpdoc/en/reference/pdo/functions/PDO-quote.xml:1.2 Mon Jul 11 
>  00:38:55 2005
>  > +++ phpdoc/en/reference/pdo/functions/PDO-quote.xml Tue Aug 30 20:56:35 
>  2005
>  > @@ -1,5 +1,5 @@
>  > <?xml version="1.0" encoding="iso-8859-1"?>
>  > -<!-- $Revision: 1.2 $ -->
>  > +<!-- $Revision: 1.3 $ -->
>  > <!-- Generated by xml_proto.php v2.2. Found in /scripts directory of 
>  phpdoc. -->
>  > <refentry id="function.PDO-quote">
>  > <refnamediv>
>  > @@ -24,9 +24,14 @@
>  > quoting style appropriate to the underlying driver.
>  > </para>
>  > <para>
>  > - If you're using this function to build SQL, it is recommended that you
>  > - using prepared statements and bound parameters instead, as it is not 
>  only
>  > - more convenient, but often much faster.
>  > + If you are using this function to build SQL statements, you are
>  > + <emphasis>strongly</emphasis> recommended to use
>  > + <function>PDO::prepare</function> to prepare SQL statements with bound
>  > + parameters instead of using <function>PDO::quote</function> to 
>  interpolate
>  > + user input into a SQL statement. Prepared statements with bound 
>  parameters
>  > + are not only more portable, more convenient, and vastly more secure, 
>  but
>  > + are often much faster than interpolating user input into slight 
>  variations
>  > + on the same basic SQL statement.
>  > </para>
>  > <para>
>  > Not all PDO drivers implement this method (notably PDO_ODBC). Consider
>  >
> 
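Review bot: In the rewritten paragraph of the second hunk, "vastly more secure" is stated without a reason, and only PDO::prepare is named even though the benefit comes from binding the values. Suggest adding a clause that bound values are passed separately from the statement text, so user input cannot change the structure of the statement, and pointing readers to PDOStatement::bindParam or PDOStatement::execute alongside PDO::prepare. The wording "you are strongly recommended to use" would also read more naturally as "it is strongly recommended that you use".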