Patch pdo-prepare for Online Doc Editor problem Bug #77348
Patch version 2018-12-27 11:32 UTC
Developer: cmb@php.net
Index: prepare.xml
===================================================================
--- prepare.xml (revision 346423)
+++ prepare.xml (working copy)
@@ -17,11 +17,11 @@
<para>
Prepares an SQL statement to be executed by the
- <function>PDOStatement::execute</function> method. The SQL statement can
+ <function>PDOStatement::execute</function> method. The statement template can
contain zero or more named (:name) or question mark (?) parameter markers
for which real values will be substituted when the statement is executed.
- You cannot use both named and question mark parameter markers within the same
- SQL statement; pick one or the other parameter style.
+ Both named and question mark parameter markers cannot be used within the same
+ SQL statement template; only one or the other parameter style.
Use these parameters to bind any user-input, do not include the user-input
directly in the query.
</para>
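Review bot: The replacement sentence for the mixed-marker rule ends in a fragment: after the semicolon, "only one or the other parameter style" has no verb, and "Both ... cannot be used" can be read as forbidding each style rather than forbidding mixing them. Suggest something like "Named and question mark parameter markers cannot be mixed within the same statement template; choose one style." The paragraph also now uses three terms for the same thing ("statement template", "SQL statement template", and "the query" in the unchanged last sentence). Since that last sentence carries the instruction not to include user input directly, it is worth aligning it to "statement template" in this change.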
@@ -44,9 +44,9 @@
<function>PDOStatement::execute</function> for statements that will be
issued multiple times with different parameter values optimizes the
performance of your application by allowing the driver to negotiate
- client and/or server side caching of the query plan and meta information,
- and helps to prevent SQL injection attacks by eliminating the need to
- manually quote the parameters.
+ client and/or server-side caching of the query plan and meta information. Also, calling <function>PDO::prepare</function> and
+ <function>PDOStatement::execute</function> helps to prevent SQL injection attacks by eliminating the need to
+ manually quote and escape the parameters.
</para>
<para>
PDO will emulate prepared statements/bound parameters for drivers that do
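Review bot: The new standalone sentence stating that calling PDO::prepare and PDOStatement::execute helps to prevent SQL injection is unqualified. The benefit applies only to values passed through parameter markers, not to user input placed directly in the statement template, which the description paragraph changed in the first hunk already warns against. Suggest "helps to prevent SQL injection attacks for values bound through parameters by eliminating the need to manually quote and escape them". The first added line is also much longer than the wrapped lines around it and should be rewrapped, and "client and/or server-side caching" would read better as "client- and/or server-side caching".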
@@ -76,7 +76,7 @@
returns. You would most commonly use this to set the
<literal>PDO::ATTR_CURSOR</literal> value to
<literal>PDO::CURSOR_SCROLL</literal> to request a scrollable cursor.
- Some drivers have driver specific options that may be set at
+ Some drivers have driver-specific options that may be set at
prepare-time.
</para>
</listitem>
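Review bot: Style only: with "driver-specific" now hyphenated as a compound modifier, "prepare-time" on the following line is the opposite case, a noun phrase after "at", and should lose its hyphen ("set at prepare time"). It is the same sentence, so it can be fixed in the same pass.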