Do I need to quote input even though I'm using bind
variables in my queries?
I seem to think that quoting on entry and unquoting on
return was a method for fighting SQL injection, but
I'm also thinking that bind variables may make that
step meaningless.
Problem is, I'm not sure.
Any guidance is appreciated, of course.
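The comparison the question asks about, as an added example that is not part of the original message: one value is stored through a bind variable as-is, and again after a manual quoting step. Python's sqlite3 with an in-memory database is an assumption (the message names no language or database), and `sql_quote`, `store_and_fetch` and the sample string are constructed for illustration.

```python
import sqlite3

# Constructed sample input: contains single quotes and SQL metacharacters.
SAMPLE = "O'Brien'); DROP TABLE people;--"


def sql_quote(value):
    """Hypothetical manual 'quote on entry' step: double each single quote."""
    return value.replace("'", "''")


def store_and_fetch(value):
    """Insert value through a bind variable, then read it back.

    Returns (stored_value, number_of_tables_named_people).
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (name TEXT)")
    # The statement text is fixed; the value is passed separately as data
    # and is never parsed as SQL.
    conn.execute("INSERT INTO people (name) VALUES (?)", (value,))
    stored = conn.execute("SELECT name FROM people").fetchone()[0]
    tables = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE name = 'people'"
    ).fetchone()[0]
    conn.close()
    return stored, tables


def demo():
    bound, tables = store_and_fetch(SAMPLE)
    quoted_then_bound, _ = store_and_fetch(sql_quote(SAMPLE))
    return {
        # Bind variable alone: the value comes back byte-for-byte.
        "bound_round_trips": bound == SAMPLE,
        # The embedded DROP TABLE text was stored, not executed.
        "table_still_exists": tables == 1,
        # Quoting first and then binding stores the escape characters too,
        # which is why an 'unquote on return' step would then be needed.
        "quoted_then_bound": quoted_then_bound,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```
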