<span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13.333333969116211px;background-color:rgb(255,255,255)">Rietz,</span><div><font color="#222222" face="arial, sans-serif"><br></font></div><div><font color="#222222" face="arial, sans-serif">pquery uses <a href="http://phplens.com/lens/adodb/docs-adodb.htm#execute">prepared statements</a> for execution, which eliminates <a href="http://en.wikipedia.org/wiki/SQL_injection#Incorrectly_filtered_escape_characters">SQL injection problems</a> to a good extent.</font></div>

<div><br></div><div><font color="#222222" face="arial, sans-serif">Regards,</font></div><div><font color="#222222" face="arial, sans-serif">Prasad<br></font><br><div class="gmail_quote">On Mon, Mar 18, 2013 at 8:29 PM, Rietz, Artur <span dir="ltr">&lt;<a href="mailto:a.rietz@opensaas.pl" target="_blank">a.rietz@opensaas.pl</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I have a question about your ideas connected to MySQL queries:<div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">


<h3 style="border-bottom-style:none;line-height:19.1875px;padding-top:0.5em;font-size:17px;width:auto;overflow:hidden;font-family:sans-serif;margin:0px 0px 0.3em;padding-bottom:0.17em;background-image:none">
<span>Parameterised queries</span></h3><p style="line-height:19.1875px;font-size:13px;font-family:sans-serif;margin:0.4em 0px 0.5em">Use this API to overcome SQL Injection attacks<span style="font-family:arial;font-size:small;line-height:normal;background-color:transparent"> </span></p>


</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><p style="line-height:19.1875px;font-size:13px;font-family:sans-serif;margin:0.4em 0px 0.5em">


<span style="font-family:arial;font-size:small;line-height:normal;background-color:transparent"> </span><span style="background-color:rgb(249,249,249);font-family:monospace,'Courier New';line-height:1.3em">$db = PearDatabase::getInstance();</span></p>


<pre style="font-family:monospace,'Courier New';padding:1em;border:1px dashed rgb(47,111,171);background-color:rgb(249,249,249);line-height:1.3em;font-size:13px">$rs  = $db->pquery("SELECT * FROM tablename WHERE id=?", array($id));</pre>


</blockquote><div><br></div><div>Is using pquery more secure than the normal query function? (If it is, then I have to ask: why?)</div><div><br></div><div>Regards, Rietz Artur </div>
<br>_______________________________________________<br>
<a href="http://www.vtiger.com/" target="_blank">http://www.vtiger.com/</a><br></blockquote></div><br></div>
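<p>The difference discussed in this thread, as an added example that is not part of the original messages and is not vtiger code: the same lookup built by string concatenation and with a <code>?</code> placeholder. It assumes PHP with the pdo_sqlite extension; PDO with an in-memory SQLite database stands in for <code>PearDatabase</code>, and the helper names, table rows and inputs are constructed for illustration.</p>

```php
<?php
// Added example: PDO + in-memory SQLite stand in for vtiger's PearDatabase,
// which is not loaded here. Table rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE tablename (id TEXT PRIMARY KEY, label TEXT)");
$pdo->exec("INSERT INTO tablename VALUES ('1','alpha'), ('2','beta'), ('3','gamma')");

// Hypothetical helper: the value is pasted into the SQL text, so the
// database parses it as part of the statement.
function find_concatenated(PDO $pdo, string $id): array
{
    $sql = "SELECT * FROM tablename WHERE id='" . $id . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hypothetical helper: the statement is prepared with a ? placeholder and
// the value is bound afterwards, so it is only ever compared as data.
function find_parameterised(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare("SELECT * FROM tablename WHERE id=?");
    $stmt->execute(array($id));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: an ordinary id, and one containing a quote character.
$inputs = array(
    'ordinary id'         => "2",
    'id containing quote' => "2' OR '1'='1",
);

foreach ($inputs as $label => $id) {
    printf(
        "%-20s concatenated: %d row(s), parameterised: %d row(s)\n",
        $label,
        count(find_concatenated($pdo, $id)),
        count(find_parameterised($pdo, $id))
    );
}
```

<p>Placeholders bind values only. Table and column names cannot be passed as parameters, so any identifier that is still concatenated into the SQL string has to be checked against a fixed allow-list.</p>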