2006/7/11, John DeSoi <desoi@pgedit.com>:
>
> On Jul 11, 2006, at 1:23 PM, DCarrero wrote:
>
> > I was asking if this useful, or secure to do a transaction on web, or
> > you recomend use a function with parameters an inside this insert
> > data, thank for the information too...
>
> If you are inserting user entered data (especially from the web) I
> highly recommend you use prepared statements. This will deal with
> security issues related to SQL injection. I prefer to use functions,
> but it is not necessary. Here is a short article I wrote which you
> might find helpful in using prepared statements from PHP:
>
> http://pgedit.com/resource/php/pgfuncall
Thanks again :D
