Parameterize queries can anyone help?

[intrigue]

I want to secure myself and would like to know how to do parameterized queries can anyone explain it?
Google doesn't help in my search haha
Thanks
matt

[trq]

[quote]can anyone explain it?[/quote]

Can you? Im sorry, but Im not sure what you meen.

[intrigue]

[code]  $result = db_query("SELECT id FROM ct_clients WHERE account = '?' AND password = '?';",
                      $account, $password);
[/code]

Thats an example of a parameterized query.

But i don't understand it so i can't implement it. Do they work with Insert queries or just Select? Any info is appreciated.
matt

[trq]

They are [i]prepared[/i] statements. What database client are you using? At least you would need to be using the mysqli extension. Take a look at [url=http://au3.php.net/manual/en/function.mysqli-stmt-prepare.php]mysqli_stmt_prepare[/url]().

[intrigue]

i am using mySQL and i don't think thats the function i should be using, its how to protect against SQL injection attacks everyone says use parameterized queries but no examples or tutorials
matt