I understand that and it is good. What I meant (sorry for not being clear in the first part) was that you could add some code in your query function that would then create the params from the sql string that has been submitted. So you would still have all the advantages of sanitizing ect.
Hope you understand what I meant now.
|