2012/4/19 Raymond O'Donnell <r...@iol.ie>

> Or better still - and easier - use parametrised queries.
>
Right, it is easier, something like:

    $sql = "INSERT INTO categories (idx, ctime, mtime, name) VALUES (:idx, :ctime, :mtime, :name);";
    $prep = $db->prepare($sql);
    $prep->execute(array(
        ':idx'   => $_GET['idx'],
        ':ctime' => $ctime,
        ':mtime' => $mtime,
        ':name'  => $name,
    ));

no more need to $db->quote() in that case, as:

    $name = $db->quote($name);

???

I mean, even if $name = "L'envers"? (i.e. with a ' in it?)

--
Yvon
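The difference between binding a value and quoting it first, as an added example that is not part of the original message. It assumes PHP with the pdo_sqlite driver; the in-memory SQLite database and the table layout are constructed stand-ins for the poster's own database.

```php
<?php
// Added example. SQLite in-memory stands in for the thread's database so the
// script runs offline; the table and values below are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE categories (idx INTEGER, ctime INTEGER, mtime INTEGER, name TEXT)');

$prep = $db->prepare(
    'INSERT INTO categories (idx, ctime, mtime, name)
     VALUES (:idx, :ctime, :mtime, :name)'
);

$now  = time();
$name = "L'envers"; // data containing an apostrophe

// Case 1: bind the raw value. It travels separately from the SQL text, so
// the apostrophe never gets the chance to end a string literal.
$prep->execute([':idx' => 1, ':ctime' => $now, ':mtime' => $now, ':name' => $name]);

// Case 2: quote() first, then bind. quote() output is meant to be spliced
// into SQL text; binding it stores the added quote characters as data.
$quoted = $db->quote($name);
$prep->execute([':idx' => 2, ':ctime' => $now, ':mtime' => $now, ':name' => $quoted]);

// Read both rows back as idx => name.
$rows = $db->query('SELECT idx, name FROM categories ORDER BY idx')
           ->fetchAll(PDO::FETCH_KEY_PAIR);

foreach ($rows as $idx => $stored) {
    printf("idx=%d stored=%s (%d bytes)\n", $idx, $stored, strlen($stored));
}

// Fail loudly if the driver does not behave as the comments above claim.
if ($rows[1] !== $name) {
    throw new RuntimeException('bound value was altered on the round trip');
}
if ($rows[2] !== $quoted || $rows[2] === $name) {
    throw new RuntimeException('quote()+bind did not store the quoted form');
}
```

Row 1 comes back byte-for-byte identical to the input; row 2 is longer because the characters added by quote() were stored as part of the name.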