Andi Gutmans’s profile

My main advice to people is to always use prepared statements and then bind your parameters. Even if you are not planning to reuse the prepared statement, and won't get any performance benefit from doing so, it will prevent your apps from being attached using SQL injections because parameters are bound after the statement is compiled.

People just shouldn't be using anything else!

Posted in addslashes() Versus mysql_real_escape_string().

Sun, 22 Jan 2006 at 06:20:42 GMT

Not saying that I completely disagree. I think it's important for PHP to support Apache 2 handler pre-fork. And many people are using it in production environments. However, I wouldn't compare the Apache 2 upgrade to a PHP 5 upgrade. PHP 5 comes with lots of very useful features, whereas Apache 2, well, isn't exactly a big step up for the average PHP user.

Posted in PHP and Apache 2 Slashdotted.

Wed, 22 Dec 2004 at 04:15:59 GMT