OK, Clearer understanding on the article and the function of db_placeholders, thanks for the patience all. Surprised a bit I didn't wind up on fire.

Warren Vail

-----Original Message-----
From: Greg Knaddison [mailto:greg@growingventuresolutions.com]
Sent: Monday, April 11, 2011 9:34 AM
To: support@drupal.org
Cc: Warren Vail
Subject: Re: [support] Place holders in SQL query

On Mon, Apr 11, 2011 at 10:21 AM, Warren Vail <warren@vailtech.net> wrote:
Your article seems to suggest that the whole concept of db_placeholders is not valid. How would you do any query where parameters come from a form without this vulnerability?
Please re-read the article and the comment on the article.

Thanks,
Greg

--
Greg Knaddison | 720-310-5623 | http://growingventuresolutions.com
http://masteringdrupal.com - Videos and Tutorials