Before
> $sth = $dbh->prepare("INSERT INTO t1 (f1, f2) VALUES ('$foo', '$bar')");
After
$sth = $dbh->prepare("INSERT INTO t1 (f1, f2) VALUES (?, ?)");
$sth->execute($foo, $bar);
?
--
Andrew Shitov
______________________________________________________________________
andy at shitov.ru | http://shitov.ru
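
An added example, not part of the original message: both forms from the message run against the same input, to show why the placeholder form is the safer one. It assumes DBD::SQLite is installed and uses an in-memory database in place of the real one; the table layout and the sample values are constructed.

```perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; :memory: stands in for the real database.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do("CREATE TABLE t1 (f1 TEXT, f2 TEXT)");

# Constructed sample input: ordinary text that happens to contain quotes
# and other characters that have meaning in SQL.
my ($foo, $bar) = ("O'Reilly", "50% off; -- 'today'");

# "Before": the values are pasted into the statement text, so the apostrophe
# in $foo ends the string literal early and the rest is parsed as SQL.
my $ok = eval {
    my $sth = $dbh->prepare(
        "INSERT INTO t1 (f1, f2) VALUES ('$foo', '$bar')");
    $sth->execute;
    1;
};
my $err = $ok ? '' : $@;
print "interpolated: ", ($ok ? "executed\n" : "rejected by the parser: $err\n");

# "After": the statement text is fixed; the values travel separately as bound
# parameters and are never parsed as SQL.
my $sth = $dbh->prepare("INSERT INTO t1 (f1, f2) VALUES (?, ?)");
$sth->execute($foo, $bar);

my ($count)   = $dbh->selectrow_array("SELECT COUNT(*) FROM t1");
my ($f1, $f2) = $dbh->selectrow_array("SELECT f1, f2 FROM t1");

print "rows in t1: $count\n";
print "f1 stored verbatim: ", ($f1 eq $foo ? "yes" : "no"), "\n";
print "f2 stored verbatim: ", ($f2 eq $bar ? "yes" : "no"), "\n";

$dbh->disconnect;
```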