From 5fb9a3d475030fb66977e409879cecc76550c245 Mon Sep 17 00:00:00 2001
From: Jakub Vrana <vrana@php.net>
Date: Thu, 19 Nov 2009 10:56:57 +0000
Subject: [PATCH] Safety note (bug #47943)

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@290976 c90b9560-bf6c-de11-be94-00142212c4b1
---
 reference/pdo/pdo/prepare.xml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/reference/pdo/pdo/prepare.xml b/reference/pdo/pdo/prepare.xml
index 6835de16ee..fd3bd86c7b 100644
--- a/reference/pdo/pdo/prepare.xml
+++ b/reference/pdo/pdo/prepare.xml
@@ -22,6 +22,8 @@
    for which real values will be substituted when the statement is executed.
    You cannot use both named and question mark parameter markers within the same
    SQL statement; pick one or the other parameter style.
+   Use these parameters to bind any user-input, do not include the user-input
+   directly in the query.
   </para>
   <para>
    You must include a unique parameter marker for each value you wish to pass