What's the difference between using PDO::quote and bindParam()?
Should I use one over the other for select, insert, update, delete?
PDO quote vs bindparam
- Christopher
Re: PDO quote vs bindparam
quote() directly quotes a single variable, whereas the bind methods insert a variable into a string -- while escaping and quoting.
(#10850)
Re: PDO quote vs bindparam
Thanks. So using bind for any type of query is sufficient enough to not worry about SQL injection then, correct?
Christopher wrote:quote() directly quotes a single variable, whereas the bind methods insert a variable into a string -- while escaping and quoting.
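An added example, not code from any poster in this thread, showing PDO::quote() and bindParam() handling the same hostile value, plus the one place a placeholder cannot be used (an identifier such as an ORDER BY column). The users table, its rows, the input strings and the allow-list are constructed for illustration, and the script assumes the pdo_sqlite driver is available.

```php
<?php
// Added example: constructed schema and data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$pdo->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'user')");

// Constructed hostile input: tries to close the string literal and widen the WHERE clause.
$input = "bob' OR '1'='1";

// 1) PDO::quote() returns the value as an escaped, quoted SQL literal.
//    You still build the query string yourself, so every value must go through it.
$sql  = 'SELECT name FROM users WHERE name = ' . $pdo->quote($input);
$rows = $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
echo 'quote():        ', count($rows), " row(s)\n";

// 2) bindParam() keeps the query text fixed and binds $name by reference:
//    the variable is read when execute() runs, so one statement can be reused.
$stmt = $pdo->prepare('SELECT name FROM users WHERE name = :name');
$stmt->bindParam(':name', $name, PDO::PARAM_STR);

$name = $input;                       // hostile value is compared as plain data
$stmt->execute();
echo 'bindParam() #1: ', count($stmt->fetchAll(PDO::FETCH_COLUMN)), " row(s)\n";

$name = 'bob';                        // same statement, new value, no re-prepare
$stmt->execute();
echo 'bindParam() #2: ', count($stmt->fetchAll(PDO::FETCH_COLUMN)), " row(s)\n";

// 3) Placeholders stand for values only. A column or table name cannot be bound,
//    and quote() would turn it into a string literal, so pick identifiers
//    from a fixed allow-list (hypothetical list for this table).
$allowed = ['id', 'name', 'role'];
$sort    = 'name; DROP TABLE users';  // constructed request parameter
$column  = in_array($sort, $allowed, true) ? $sort : 'id';

$stmt = $pdo->prepare("SELECT name FROM users WHERE role = :role ORDER BY $column");
$stmt->bindValue(':role', 'user', PDO::PARAM_STR);
$stmt->execute();
echo 'ORDER BY ', $column, ': ', implode(', ', $stmt->fetchAll(PDO::FETCH_COLUMN)), "\n";
```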