PDO quote vs bindparam

w1n78
Forum Newbie
Posts: 12
Joined: Mon Mar 08, 2010 10:55 pm

PDO quote vs bindparam

Post by w1n78 »

What's the difference between using PDO::quote and bindParam()?

Should I use one over the other for select, insert, update, delete?
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: PDO quote vs bindparam

Post by Christopher »

quote() directly quotes a single variable, whereas the bind methods insert a variable into a string -- while escaping and quoting.
(#10850)
w1n78
Forum Newbie
Posts: 12
Joined: Mon Mar 08, 2010 10:55 pm

Re: PDO quote vs bindparam

Post by w1n78 »

Thanks. So using bind for any type of query is sufficient enough to not worry about SQL injection then, correct?
Christopher wrote: quote() directly quotes a single variable, whereas the bind methods insert a variable into a string -- while escaping and quoting.
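Added example, not part of any post in this thread: the same lookup written once with PDO::quote() and once with bindParam(), followed by the one place a placeholder cannot be used (an identifier such as an ORDER BY column). It assumes the pdo_sqlite driver and uses a constructed in-memory `users` table and constructed input values.

```php
<?php
// Constructed demo data in an in-memory SQLite database, so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice')");
$pdo->exec("INSERT INTO users (name) VALUES ('bob')");

$input = "x' OR '1'='1"; // constructed input that contains quote characters

// 1) PDO::quote(): returns an escaped, quoted literal. You still build the
//    SQL string yourself, so every value must pass through quote() by hand.
$sql = 'SELECT COUNT(*) FROM users WHERE name = ' . $pdo->quote($input);
$viaQuote = (int) $pdo->query($sql)->fetchColumn();

// 2) bindParam(): the SQL text contains only a placeholder. The variable is
//    bound by reference and its value is read when execute() is called.
$stmt = $pdo->prepare('SELECT COUNT(*) FROM users WHERE name = :name');
$name = $input;
$stmt->bindParam(':name', $name, PDO::PARAM_STR);
$stmt->execute();
$viaBind = (int) $stmt->fetchColumn();

// Because of the by-reference binding, changing $name and executing again
// reuses the prepared statement with the new value.
$name = 'alice';
$stmt->execute();
$aliceCount = (int) $stmt->fetchColumn();

// 3) Placeholders stand for values only. A column or table name cannot be
//    bound, so it has to be picked from a fixed list before it reaches SQL.
$allowedColumns = ['id', 'name'];
$requested = 'name; DROP TABLE users'; // constructed request parameter
$column = in_array($requested, $allowedColumns, true) ? $requested : 'id';
$ordered = $pdo->query("SELECT name FROM users ORDER BY $column")
               ->fetchAll(PDO::FETCH_COLUMN);

// Both lookups treat the hostile-looking input as plain data.
var_dump($viaQuote, $viaBind, $aliceCount, $column, $ordered);
```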