Magnus,
> Applications which use parameterized prepared statement syntax
> exclusively (e.g. "SELECT * FROM table WHERE id = ?", $var1).
>
>
> Umm. AFAIK that's only true if the client library actually uses
> paremetrised queries over the wire, which I'm quite sure all don't. I
> beleive PHP doesn't, at leas tnot until the very latest version, for
> example.
Hmmm. Can you think of a way to re-word that without doing an entire
paragraph?
--
Josh Berkus
PostgreSQL @ Sun
San Francisco