- From: Jonas Sicking <jonas@sicking.cc>
- Date: Fri, 26 Oct 2007 10:52:06 -0700
Ian Hickson wrote:
>> I think not having quote will make people write their own, and every so
>> often fail at it. People that don't think about the possibility of
>> getting exploited aren't going to use either '?' or quote() so they
>> are hosed either way.
>
> If we include examples for how to do this (embedding ? directly into the
> query and adding the stuff to the array), will that work? It's easier to
> do than quoting.

It does sound like a good idea to make all examples use the '?' syntax.

I still think that providing a quote() implementation would do more good
than harm, but admittedly I don't care that much. Especially given that
the worst that can happen is bugs and not security breaches.

/ Jonas
Received on Friday, 26 October 2007 10:52:06 UTC
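The '?' placeholder style the thread favours, shown as an added example that is not part of the original message: the statement keeps a bare `?` per value and the values travel in the argument array, so they never become part of the SQL text. The `executeSql(sql, args)` call shape is Web SQL's; the transaction object here is a constructed stand-in that only records what it receives, and `countPlaceholders` and `runParameterized` are helpers written for this example.

```javascript
// Added example, not code from the thread or the Web SQL spec.
// Count bare '?' placeholders in a statement, skipping any that sit
// inside single-quoted SQL string literals ('' is an escaped quote,
// so toggling on every quote character handles it).
function countPlaceholders(sql) {
  let count = 0;
  let inLiteral = false;
  for (const ch of sql) {
    if (ch === "'") inLiteral = !inLiteral;
    else if (ch === '?' && !inLiteral) count++;
  }
  return count;
}

// Refuse a statement whose placeholder count does not match the
// argument array, then hand both to executeSql unchanged: the values
// are bound by the database, not spliced into the statement.
function runParameterized(tx, sql, args) {
  const expected = countPlaceholders(sql);
  if (expected !== args.length) {
    throw new Error(`statement has ${expected} '?' but ${args.length} arguments`);
  }
  tx.executeSql(sql, args);
  return { sql, args };
}

// The hand-built alternative the thread worries about: splicing the
// value into the statement text. A perfectly ordinary name with an
// apostrophe leaves the literal unbalanced, the kind of bug quote()
// was meant to prevent and the '?' style avoids outright.
function runConcatenated(tx, name) {
  const sql = "INSERT INTO contacts (name) VALUES ('" + name + "')";
  tx.executeSql(sql, []);
  return sql;
}

// Constructed stand-in for a SQLTransaction: records each call so the
// example runs outside a browser (Node has no Web SQL).
function fakeTransaction() {
  const calls = [];
  return { calls, executeSql(sql, args) { calls.push({ sql, args }); } };
}
```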