
PDO quote vs bindparam

Posted: Sun Mar 21, 2010 2:43 am
by w1n78
What's the difference between using PDO::quote and bindParam()?

Should I use one over the other for select, insert, update, delete?

Re: PDO quote vs bindparam

Posted: Sun Mar 21, 2010 2:23 pm
by Christopher
quote() directly quotes a single variable, whereas the bind methods insert a variable into a string -- while escaping and quoting.

Re: PDO quote vs bindparam

Posted: Sun Mar 21, 2010 3:29 pm
by w1n78
Thanks. So using bind for any type of query is sufficient enough to not worry about SQL injection then, correct?
Christopher wrote: quote() directly quotes a single variable, whereas the bind methods insert a variable into a string -- while escaping and quoting.
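
Added example, not code from anyone in this thread: PDO::quote() and bindParam() side by side across insert, select, update and delete, plus the one part of a query that placeholders cannot cover. The in-memory SQLite database (needs pdo_sqlite), the users table, its columns and all input values are constructed for illustration.

```php
<?php
// Added example: table, columns and inputs below are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

$name  = "O'Brien";            // constructed input containing a quote character
$email = 'ob@example.test';

// bindParam(): the SQL text holds only placeholders. Variables are bound by
// reference and read when execute() runs, so the statement can be reused.
$ins = $pdo->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');
$ins->bindParam(':name', $name, PDO::PARAM_STR);
$ins->bindParam(':email', $email, PDO::PARAM_STR);
$ins->execute();
$name  = 'alice';
$email = 'alice@example.test';
$ins->execute();               // second row, same prepared statement

// PDO::quote(): returns an escaped, quoted literal that you concatenate into
// the SQL string yourself. Any value you forget to pass through it stays raw.
$sql = 'SELECT id FROM users WHERE name = ' . $pdo->quote("O'Brien");
$id  = $pdo->query($sql)->fetchColumn();

// UPDATE and DELETE take placeholders the same way as INSERT and SELECT.
$email = 'new@example.test';
$upd = $pdo->prepare('UPDATE users SET email = :email WHERE id = :id');
$upd->bindParam(':email', $email, PDO::PARAM_STR);
$upd->bindParam(':id', $id, PDO::PARAM_INT);
$upd->execute();

$del = $pdo->prepare('DELETE FROM users WHERE name = :name');
$del->bindParam(':name', $name, PDO::PARAM_STR);   // $name is 'alice' here
$del->execute();

// Placeholders stand for values only. A column name or sort direction cannot
// be bound, so check it against a fixed allow-list before concatenating it.
$allowed = ['id', 'name', 'email'];
$sort = 'name';                // constructed stand-in for request input
if (!in_array($sort, $allowed, true)) {
    throw new InvalidArgumentException('unsupported sort column');
}
$rows = $pdo->query("SELECT id, name, email FROM users ORDER BY $sort")
            ->fetchAll(PDO::FETCH_ASSOC);
print_r($rows);
```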