Closed micgro42 closed 1 year ago
I believe this is a left over from the times of using sqlite(2). I wonder if it would be time to drop sqlite support entirely and use pdo_sqlite exclusively. However that's probably more than this issue is asking for. So if you can provide a PR for using the PDO methods, I'm happy to merge it.
will be fixed by #73
Currently, the sqlite plugin implements its own parameter escaping and injecting in
helper_plugin_sqlite_adapter::prepareSql
and this is also used in the PDO adapter.However, PDO supports its own
prepare
,bindValue
andexecute
methods to provide that functionality. Shouldn't we use that directly, if available?