On 2012-09-11, Raymond O'Donnell <rod(at)iol(dot)ie> wrote:
>
> BTW, it's a REALLY bad idea to build literal SQL queries from input
> values, as you're doing - you should use parameters and
> pg_query_params() instead.

Although (still) marked "experimental",
pg_insert and pg_update work really well;
the more recent pg_query_params still seems kind of dodgy.
--
⚂⚃ 100% natural
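
The difference the quoted advice points at, as an added example that is not part of the original thread. It assumes a reachable PostgreSQL server configured through libpq's PG* environment variables; the table `people`, the column `surname` and the sample value are constructed for illustration.

```php
<?php
// Added example, not code from the thread.
// Assumption: connection settings come from libpq's PG* environment
// variables (PGHOST, PGUSER, PGDATABASE, ...), so the conninfo is empty.
$conn = pg_connect('') or exit("connection failed\n");

// Hypothetical temporary table, dropped automatically at session end.
pg_query($conn, 'CREATE TEMP TABLE people (id serial PRIMARY KEY, surname text NOT NULL)');

// Constructed input: an ordinary surname that happens to contain a quote.
$surname = "O'Donnell";

// 1) Literal query building: the value is pasted into the SQL text, so its
//    quote character ends the string literal early. Here the server rejects
//    the statement; with other input it would run SQL the author never wrote.
$literal = "INSERT INTO people (surname) VALUES ('$surname')";
echo "literal SQL sent: $literal\n";
$res = @pg_query($conn, $literal);
echo 'literal query:    ',
     $res === false ? 'rejected: ' . trim(pg_last_error($conn)) : 'accepted',
     "\n";

// 2) Parameterized query: the SQL text is fixed and the value is sent
//    separately as parameter $1, so it is never parsed as SQL.
//    (Single-quoted PHP string: $1 is not interpolated by PHP.)
$res = pg_query_params(
    $conn,
    'INSERT INTO people (surname) VALUES ($1)',
    [$surname]
);
echo 'pg_query_params:  ', $res === false ? 'failed' : 'accepted', "\n";

// Read the value back, again passing it as a parameter.
$res = pg_query_params(
    $conn,
    'SELECT surname FROM people WHERE surname = $1',
    [$surname]
);
echo 'rows stored:      ', pg_num_rows($res), "\n";
echo 'stored value:     ', pg_fetch_result($res, 0, 'surname'), "\n";

pg_close($conn);
```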