PDO quote vs bindparam
Posted: Sun Mar 21, 2010 2:43 am
by w1n78
What's the difference between using PDO::quote and bindParam()?
Should I use one over the other for select, insert, update, delete?
Re: PDO quote vs bindparam
Posted: Sun Mar 21, 2010 2:23 pm
by Christopher
quote() directly quotes a single variable, whereas the bind methods insert a variable into a string -- while escaping and quoting.
Re: PDO quote vs bindparam
Posted: Sun Mar 21, 2010 3:29 pm
by w1n78
Thanks. So using bind for any type of query is sufficient enough to not worry about SQL injection then, correct?
Christopher wrote: quote() directly quotes a single variable, whereas the bind methods insert a variable into a string -- while escaping and quoting.
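
The difference discussed in this thread, as an added PHP example that is not part of any post: PDO::quote() returns an escaped, quoted string that the caller concatenates into the SQL, while prepare() with bindParam() keeps the value out of the SQL string the application writes. The in-memory SQLite database, the users table, the function names and the inputs are all constructed for illustration.

```php
<?php
// Added example: constructed table and inputs, in-memory SQLite so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('O''Brien')");

// Constructed inputs: a legitimate name containing a quote, and a string
// that would change the query's logic if concatenated without escaping.
$inputs = ["O'Brien", "nobody' OR '1'='1"];

// quote(): returns the value escaped and wrapped in quotes; you still
// assemble the SQL string yourself, so every value must go through it.
function findWithQuote(PDO $pdo, string $name): array
{
    $sql = 'SELECT id, name FROM users WHERE name = ' . $pdo->quote($name);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// prepare() + bindParam(): the SQL text has only a placeholder; the value
// is bound by reference and read when execute() is called.
function findWithBind(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->bindParam(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

foreach ($inputs as $input) {
    printf("%-20s quote: %d row(s), bind: %d row(s)\n",
        $input, count(findWithQuote($pdo, $input)), count(findWithBind($pdo, $input)));
}

// Placeholders stand for values only. A table or column name cannot be
// bound, so user-selected identifiers need an allow-list instead.
function orderedNames(PDO $pdo, string $column): array
{
    $allowed = ['id', 'name'];
    if (!in_array($column, $allowed, true)) {
        throw new InvalidArgumentException('unexpected sort column');
    }
    return $pdo->query("SELECT name FROM users ORDER BY $column")->fetchAll(PDO::FETCH_COLUMN);
}
print_r(orderedNames($pdo, 'name'));
```

Both lookups treat the input purely as a name to match; the practical difference is that the quote() version stays safe only as long as every concatenated value passes through quote().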