Hi!
I have a relatively simple question about mysqli_prepare:
When I prepare a statement and then bind parameters to it, does PHP automatically take care of escaping strings etc.?
Example: --------
<?php
$stmt = $mysqli->prepare("SELECT * FROM `table` WHERE x=?");
$p = "5'";
$stmt->bind_param("i", $p); # is "5'" converted to 5 like it would be when I use intval($p)?
$stmt->reset();
$s = "'xyz' || x LIKE '%'";
$stmt->bind_param("s", $s); # will those "'" be escaped?
?>
Thanks for the help.
So it seems that nobody knows what happens with those bound parameters.
Is there more precise documentation on the mysqli object interface?
Is there any code snippet that shows what the mysqli classes would look like if they were coded in PHP, like there is for the Extension class?
aRZed
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php