From: Jonathan (T. <th...@ic...> - 2014-03-28 04:16:05
Hi there, just to put my two cents in -- Phil, the main advantage, security-wise, of parametrized queries is that the data is sent over in a distinct 'package' from the query. Your 'pseudo-parametrized' query is sent over as a string; however, a true parametrized query sends the query along separately from the parameters, which is why it protects against SQL injection, since the parameters are never a part of the SQL query string at all.
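To make the distinction Jonathan draws concrete, here is an added example (not code from this thread or from any project discussed in it) using Python's standard-library sqlite3 module against a constructed in-memory table. The "pseudo-parametrized" version interpolates the value into the SQL text before the database ever sees it, so the value can change the statement's structure; the true parametrized version compiles the statement first and binds the value afterwards, so the same input is only ever compared as data.

```python
import sqlite3

# Constructed sample table: two ordinary names plus one deliberately awkward
# name that looks like SQL, so we can show it is handled as plain data.
SAMPLE_NAMES = ["alice", "bob", "' OR '1'='1"]


def make_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [(n,) for n in SAMPLE_NAMES])
    return conn


def lookup_pseudo_parametrized(conn, name):
    """'Pseudo-parametrized': the value is pasted into the query string.

    The database receives a single string in which query and data are
    already mixed, so a value containing quotes can alter the WHERE clause.
    """
    sql = "SELECT name FROM users WHERE name = '%s' ORDER BY rowid" % name
    return [row[0] for row in conn.execute(sql)]


def lookup_parametrized(conn, name):
    """True parametrized query: SQL text and value travel separately.

    The statement is compiled with a '?' placeholder; the value is bound
    to it afterwards and can only ever be compared as a literal string.
    """
    sql = "SELECT name FROM users WHERE name = ? ORDER BY rowid"
    return [row[0] for row in conn.execute(sql, (name,))]


if __name__ == "__main__":
    db = make_db()
    awkward = "' OR '1'='1"
    print("pseudo :", lookup_pseudo_parametrized(db, awkward))  # every row
    print("bound  :", lookup_parametrized(db, awkward))         # only the literal match
```

With the plain name "alice" both functions return the same single row. With the awkward value, the string-built query returns all three rows because the pasted quotes rewrote the condition, while the bound query returns exactly the one row whose name literally equals that string, which is the behaviour Jonathan describes: the parameter never became part of the SQL text.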