phyzical

you can still concat the field to the table

nightjarnz

I'm admitting to you too Tom that parameterised queries are a part of SQL I've not touched enough to be able to give you solid advice :) Damian is a sourcerer, yup.

nightjarnz

The important part to parameterise is the variable part of the query - the user input :)

nightjarnz

the other option @taoceanz is to use SQLQuery which may be better. It uses parameterised queries internally iirc, and will do most of the heavy lifting for you :)

nightjarnz

Not sure how well it works with MATCH though :< These are parts of the ORM I've seldom had to dive into.

phyzical

it's been a while but some... things are supported via :