Emphasize the usefulness of prepared statements vs. quoted input.

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@194698 c90b9560-bf6c-de11-be94-00142212c4b1

reference/pdo/functions/PDO-quote.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="iso-8859-1"?>
-<!-- $Revision: 1.2 $ -->
+<!-- $Revision: 1.3 $ -->
 <!-- Generated by xml_proto.php v2.2. Found in /scripts directory of phpdoc. -->
 <refentry id="function.PDO-quote">
  <refnamediv>
@@ -24,9 +24,14 @@
    quoting style appropriate to the underlying driver.
   </para>
   <para>
-   If you're using this function to build SQL, it is recommended that you
-   using prepared statements and bound parameters instead, as it is not only
-   more convenient, but often much faster.
+   If you are using this function to build SQL statements, you are
+   <emphasis>strongly</emphasis> recommended to use
+   <function>PDO::prepare</function> to prepare SQL statements with bound
+   parameters instead of using <function>PDO::quote</function> to interpolate
+   user input into a SQL statement. Prepared statements with bound parameters
+   are not only more portable, more convenient, and vastly more secure, but
+   are often much faster than interpolating user input into slight variations
+   on the same basic SQL statement.
   </para>
   <para>
    Not all PDO drivers implement this method (notably PDO_ODBC).  Consider