FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.
Home » Imported messages » comp.lang.php » str_replace does not like empty quotes
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: str_replace does not like empty quotes [message #186282 is a reply to message #186259] Sun, 22 June 2014 23:20 Go to previous messageGo to previous message
Geoff Muldoon is currently offline  Geoff Muldoon
Messages: 19
Registered: July 2011
Karma:
Junior Member
jstucklex(at)attglobal(dot)net says...

>> Of course, bind variables are massively better, but I doubt that
Richard
>> is up to knowing about them yet.

> One opinion. But bound values have their problems, also. They are
> neither better nor worse than properly escaping values. Just another
> way of doing things.

Hmm, I've never really found any signifcant down-side to using bind
variables if they are used corrctly, so I'd appreciate any links you
might have.

IMHO three of the main pluses are:

a) A strong (but not totally foolproof) barrier against SQL injection
attacks.

b) On certain platforms (perhaps on Oracle more so than MySQL, etc.) the
ability to shared pool cache or soft-parse rather than hard-parse a
particular execution plan, often significantly increasing performance
when querying the same columns from the sames tables.

c) Parameter input values do not NEED to be properly escaped.

http://en.wikipedia.org/wiki/Prepared_statement

GM

Report message to a moderator

[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: PDO fetch with SQL server
Next Topic: Putting it all together
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Mon May 13 12:29:55 GMT 2024

Total time taken to generate the page: 0.05350 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.1.3.
Copyright ©2001-2023 FUDforum Bulletin Board Software