Newsgroups: php.internals
From: jared.williams1@ntlworld.com ("Jared Williams")
To: "'Thies C. Arntzen'"
Date: Fri, 25 Mar 2005 13:36:52 -0000
Message-ID: <20050325133618.EZOA1844.aamta08-winn.mailhost.ntl.com@win2ks>
Subject: RE: [PHP-DEV] pdo: binding variables supplied to execute() is NotVeryUseful(tm)...

> $sql = "insert into $table ($col_list) values ($bind_list)";

Can I just point out that you've just negated the whole reason for having parameters in the first place, imo.
$table is just as vulnerable to an SQL injection attack as any of the parameters were before we had parameter binding.

Jared
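
The point raised in this message, as an added example that is not part of the original post or of PDO itself: identifiers such as the table and column names cannot be bound as parameters, so they are checked against a fixed allowlist while the values go through placeholders. The `ALLOWED_SCHEMA` map, the `buildInsert` helper, the table layout and the sample inputs are all hypothetical and constructed for illustration.

```php
<?php
// Added example. ALLOWED_SCHEMA and buildInsert() are hypothetical names.
// Identifiers are validated against a fixed allowlist; only values are bound.
const ALLOWED_SCHEMA = [
    'users'  => ['name', 'email'],
    'orders' => ['user_id', 'total'],
];

function buildInsert(PDO $db, string $table, array $row): PDOStatement
{
    if (!array_key_exists($table, ALLOWED_SCHEMA)) {
        throw new InvalidArgumentException('table not allowed');
    }
    $cols = array_keys($row);
    if ($cols === [] || array_diff($cols, ALLOWED_SCHEMA[$table]) !== []) {
        throw new InvalidArgumentException('column not allowed');
    }
    // Every identifier interpolated below matched an allowlist entry exactly.
    $colList  = implode(', ', $cols);
    $bindList = implode(', ', array_map(fn($c) => ":$c", $cols));
    $stmt = $db->prepare("insert into $table ($colList) values ($bindList)");
    foreach ($row as $col => $value) {
        $stmt->bindValue(":$col", $value);   // values never touch the SQL text
    }
    return $stmt;
}

// Constructed demo against an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('create table users (name text, email text)');

// A value containing a quote is harmless because it is bound, not interpolated.
buildInsert($db, 'users', ['name' => "O'Brien", 'email' => 'ob@example.test'])->execute();
echo 'rows: ', $db->query('select count(*) from users')->fetchColumn(), "\n";

// Constructed hostile identifiers are refused before any SQL is assembled.
foreach ([['users; --', ['name' => 'x']], ['users', ['name) --' => 'x']]] as [$t, $r]) {
    try {
        buildInsert($db, $t, $r);
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```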