Re: stripslashes() and MySQL
Rik Wasmus wrote:
> On Wed, 27 Feb 2008 11:36:43 +0100, Harris Kosmidhs
> <hkosmidi@remove.me.softnet.tuc.gr> wrote:
>
>> Omega wrote:
>>> Not trying to re-scope your question, but PDO can also offer a lot of
>>> great options in this area. I've found that using PDO has reduced the
>>> amount of crazy data policework I have to do.
>>> Just a suggestion! I realize it's a slight shift in the paradigms
>>> used, but I've so far enjoyed the options it opens up.
>>
>> any example please? I now started using PDO....
>
> Prepared statements will make your life definitely easy:
>
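> // Placeholder connection values; use some real connection variables.
> $db = new PDO('mysql:host=localhost;dbname=test', 'user', 'password');
> $stmt = $db->prepare('SELECT foo FROM bar WHERE foz = ?');
> // The value is bound as data; no manual escaping is applied to it.
> $stmt->bindValue(1, "some'string\\with''\'characters that could be escaped", PDO::PARAM_STR);
> $stmt->execute();
> var_dump($stmt->fetchAll());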
>
> Prepared Statement > mysql_real_escape_string > mysql_escape_string >
> addslashes
Sorry don't quite follow...
bindValue does something like mysql_real_escape_string?
Does it understand what foz is? integer, varchar, etc?
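
The two questions above, worked through as an added example that is not part of either poster's message. The table, rows and the in-memory SQLite DSN are assumptions made so it runs without a server (requires pdo_sqlite); the thread's MySQL case would use a mysql: DSN instead.

```php
<?php
// Added example: table, columns and rows are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bar (id INTEGER PRIMARY KEY, foz TEXT, foo TEXT)');

$tricky = "some'string\\with''\\'characters that could be escaped";

// Insert through placeholders: no addslashes() or mysql_real_escape_string() call.
$ins = $db->prepare('INSERT INTO bar (id, foz, foo) VALUES (?, ?, ?)');
$ins->bindValue(1, 1, PDO::PARAM_INT);
$ins->bindValue(2, $tricky, PDO::PARAM_STR);
$ins->bindValue(3, 'first row', PDO::PARAM_STR);
$ins->execute();

// The third argument declares how the value is sent; PDO does not inspect
// the column type of foz or id. PDO::PARAM_STR is the default.
$byText = $db->prepare('SELECT foo FROM bar WHERE foz = ?');
$byText->bindValue(1, $tricky, PDO::PARAM_STR);
$byText->execute();
var_dump($byText->fetchAll(PDO::FETCH_COLUMN));

$byId = $db->prepare('SELECT foz FROM bar WHERE id = ?');
$byId->bindValue(1, (int) '1', PDO::PARAM_INT);
$byId->execute();
// Stored byte for byte, so nothing needs stripslashes() on the way out.
var_dump($byId->fetchColumn() === $tricky);

// The same value concatenated into the SQL text is parsed as SQL, not as data:
// its quotes end the literal early and the statement no longer parses.
try {
    $db->query("SELECT foo FROM bar WHERE foz = '" . $tricky . "'");
} catch (PDOException $e) {
    echo 'concatenated query failed: ', $e->getMessage(), "\n";
}
```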