On Sat, Oct 11, 2008 at 9:30 PM, Iain Barnett <iainspeed at gmail.com> wrote:
>
> Personally, I use stored procedures with a database as they protect from sql
> injection attacks (unless you write some really stupid procedures).
>

Isn't this what parametrized queries are for?