[html5] r4384 - [e] (0) Replace 'replace' with 'bind' to reduce the change of people doing subst [...]

whatwg at whatwg.org whatwg at whatwg.org
Mon Nov 30 18:13:44 PST 2009


Author: ianh
Date: 2009-11-30 18:13:42 -0800 (Mon, 30 Nov 2009)
New Revision: 4384

Modified:
   source
Log:
[e] (0) Replace 'replace' with 'bind' to reduce the change of people doing substitutions.

Modified: source
===================================================================
--- source	2009-12-01 02:02:55 UTC (rev 4383)
+++ source	2009-12-01 02:13:42 UTC (rev 4384)
@@ -66146,20 +66146,19 @@
 
    <li>
 
-    <p>Replace each <code title="">?</code> placeholder with the value
-    of the argument in the <var title="">arguments</var> array with
-    the same position. (So the first <code title="">?</code>
-    placeholder gets replaced by the first value in the <var
-    title="">arguments</var> array, and generally the <var
-    title="">n</var>th <code title="">?</code> placeholder gets
-    replaced by the <var title="">n</var>th value in the <var
-    title="">arguments</var> array.)</p>
+    <p>Bind each <code title="">?</code> placeholder with the value of
+    the argument in the <var title="">arguments</var> array with the
+    same position. (So the first <code title="">?</code> placeholder
+    gets bound to the first value in the <var title="">arguments</var>
+    array, and generally the <var title="">n</var>th <code
+    title="">?</code> placeholder gets bound to the <var
+    title="">n</var>th value in the <var title="">arguments</var>
+    array.)</p>
 
-    <p class="note">Substitutions for <code title="">?</code>
-    placeholders are done at the literal level, not as string
-    concatenations, so this provides a way to dynamically insert
-    parameters into a statement without risk of a SQL injection
-    attack.</p>
+    <p class="note">Binding the <code title="">?</code> placeholders
+    is done at the literal level, not as string concatenations, so
+    this provides a way to dynamically insert parameters into a
+    statement without risk of a SQL injection attack.</p>
 
     <p>The result is <var title="">the statement</var>.</p>
 




More information about the Commit-Watchers mailing list