----- Original Message -----
> From: "Govinda" <govinda.webdnat...@gmail.com>
>
> 1.) Is anyone *who knows what he is doing* still using
> mysql_real_escape_string()? Ever?

I seem to vaguely remember someone showing me some code that would bypass escaping; but I didn't really pay a lot of attention, to be honest :-)

Personally I haven't used escapes in ages, for the simple reason that prepared statements are just that much more convenient - and even if MySQL doesn't do a lot with it for the time being, they also allow for some very nifty in-server optimizations using cached query plans and similar nifties.

Using them is a good habit for three reasons:
1) it makes you immune to SQL injections, at least as effectively as escaping;
2) if MySQL finally gets around to implementing an execution plan cache, you'll start benefiting without having to lift a finger;
3) you won't need to learn new ways of working if you need to code on different databases :-)

--
Beer with grenadine
Is like mustard with wine
She who drinks it is a prude
He who drinks it is soon an ass
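
An added example, not part of the original message: the difference between quote escaping and a prepared statement when the value lands in an unquoted numeric position. It uses Python's `sqlite3` as a stand-in for MySQL; `escape_quotes`, the `users` table and the inputs are constructed for illustration.

```python
import sqlite3


def escape_quotes(value: str) -> str:
    """Hypothetical stand-in for string escaping: doubles single quotes.
    It is not mysql_real_escape_string(); it only models the idea."""
    return value.replace("'", "''")


def make_db() -> sqlite3.Connection:
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db


def lookup_escaped(db: sqlite3.Connection, user_id: str) -> list:
    # Escaping only protects data that ends up inside a quoted string
    # literal. Here the value is concatenated into an unquoted numeric
    # position, so input without quote characters passes through
    # unchanged and the server parses it as part of the statement.
    sql = ("SELECT name FROM users WHERE id = "
           + escape_quotes(user_id) + " ORDER BY id")
    return [row[0] for row in db.execute(sql)]


def lookup_prepared(db: sqlite3.Connection, user_id: str) -> list:
    # The statement text is fixed. The value is bound separately, so it
    # can only ever be compared as a value, whatever it contains.
    sql = "SELECT name FROM users WHERE id = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (user_id,))]


if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1 OR 1=1"):  # constructed inputs
        print(repr(value), "escaped ->", lookup_escaped(db, value))
        print(repr(value), "prepared ->", lookup_prepared(db, value))
```
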