Talk:PDOQuery

From DAViCal Wiki


Put discussion about the design of PdoQuery on this page please. Also remember to sign comments with ~~~~ and use : in the left column to indent stuff... :-) Karora 21:39, 16 March 2009 (UTC)

query parameter replacement is done in PHP before passing the fully expanded statement to PDO.
Will this require checks to prevent SQL injection? AIUI, that's one of the reasons for using prepared statements, so it would be reasonable for a programmer to expect it. OTOH, if the API docs say that feature is not present, it is also reasonable to expect a developer to take heed. Russell Jones 09:43, 19 March 2009 (UTC)
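An added example to make the concern above concrete; this is not DAViCal's PdoQuery code. The two `expand_in_php_*` helpers are hypothetical stand-ins for a PHP-side expander, one without any quoting and one that passes the value through `PDO::quote()`, and `lookup_bound()` is the PDO-native alternative that binds the parameter instead of building the SQL string. The table, rows and the `O'Brien` input are constructed for the demonstration; it runs stand-alone against an in-memory SQLite database.

```php
<?php
// Added example (not DAViCal's PdoQuery): PHP-side parameter expansion
// versus PDO parameter binding, run against an in-memory SQLite database
// with constructed sample rows. Run with: php this_file.php

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE usr (username TEXT, fullname TEXT)");
$pdo->exec("INSERT INTO usr VALUES ('alice', 'Alice Example'), ('O''Brien', 'Orla O''Brien')");

$sql = "SELECT fullname FROM usr WHERE username = :username";

// Hypothetical expander in the style the talk page describes: the placeholder
// is replaced in PHP and the finished string is handed to PDO. With no quoting
// step, a quote character inside $value becomes part of the SQL itself.
function expand_in_php_unsafe(string $sql, string $value): string {
    return str_replace(':username', "'" . $value . "'", $sql);
}

// Same PHP-side expansion, but the value goes through PDO::quote() first, so
// the result is always a single SQL string literal. This is the minimum check
// a PHP-side expander needs before it can be fed untrusted input.
function expand_in_php_quoted(PDO $pdo, string $sql, string $value): string {
    return str_replace(':username', $pdo->quote($value), $sql);
}

// PDO-native approach: the statement is prepared with the placeholder intact
// and the value is bound separately, so it is never parsed as SQL.
function lookup_bound(PDO $pdo, string $sql, string $value): array {
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':username', $value, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input: a perfectly legitimate username containing a quote.
$input = "O'Brien";

// Unquoted expansion: the statement becomes ... username = 'O'Brien' and
// fails to parse. With other inputs the same flaw changes the query's meaning
// rather than breaking it, which is the injection risk the talk page raises.
try {
    $rows = $pdo->query(expand_in_php_unsafe($sql, $input))->fetchAll(PDO::FETCH_COLUMN);
    echo "unsafe expansion: " . count($rows) . " row(s)\n";
} catch (PDOException $e) {
    echo "unsafe expansion: SQL error -> " . $e->getMessage() . "\n";
}

// Quoted expansion and bound parameters both treat the quote as data and
// find the one matching row.
$rows = $pdo->query(expand_in_php_quoted($pdo, $sql, $input))->fetchAll(PDO::FETCH_COLUMN);
echo "quoted expansion: " . count($rows) . " row(s)\n";
echo "bound parameter:  " . count(lookup_bound($pdo, $sql, $input)) . " row(s)\n";
```

The design question on this page is therefore whether the PHP-side expander behaves like `expand_in_php_unsafe()` or like `expand_in_php_quoted()`; only the latter (or real binding, as in `lookup_bound()`) gives callers the protection they would expect from a "prepared statement" API. Note that PDO itself may emulate prepares on the client for some drivers (`PDO::ATTR_EMULATE_PREPARES`), but it quotes each bound value when doing so, which is the step a hand-rolled expander must not skip.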