From 5fb9a3d475030fb66977e409879cecc76550c245 Mon Sep 17 00:00:00 2001
From: Jakub Vrana
Date: Thu, 19 Nov 2009 10:56:57 +0000
Subject: [PATCH] Safety note (bug #47943)

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@290976 c90b9560-bf6c-de11-be94-00142212c4b1
---
 reference/pdo/pdo/prepare.xml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/reference/pdo/pdo/prepare.xml b/reference/pdo/pdo/prepare.xml
index 6835de16ee..fd3bd86c7b 100644
--- a/reference/pdo/pdo/prepare.xml
+++ b/reference/pdo/pdo/prepare.xml
@@ -22,6 +22,8 @@
 for which real values will be substituted when the statement is executed. You cannot use both named and question mark parameter markers within the same SQL statement; pick one or the other parameter style.
+ Use these parameters to bind any user-input, do not include the user-input
+ directly in the query.
 You must include a unique parameter marker for each value you wish to pass