Comment Re:Depends on who uses them (Score 1) 189
I thought about that a bit. It's easy to remove all but the functions intended to be used parameterized, but that doesn't prevent you from doing something stupid; it just doesn't invite you to be stupid. There is certainly something to be said for that.
The solution for the second part would be a bit heavyweight and never really satisfactory. For example:
"SELECT info from STUFF where id=$uid;"
Pretty much anyone would agree that uid should be parameterized. However, what about:
"SELECT $field from $table where $other_field = $value;"
Which of those do we want to force into parameters for all cases? Surely we don't want to force the first query to be re-written as:
"SELECT $1 from $2 where $3=$4;", array('info','STUFF','id',$uid)
But short of that, we can't stop someone from being stupid.
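An added example, not part of the comment above, that shows the distinction the post is circling: bind variables can carry values like $uid, but not identifiers like $field or $table, so a query that takes those from the caller still needs a separate check. The code below uses Python's sqlite3 against an in-memory table (schema, rows and the ALLOWED_TABLES allow-list are all constructed for this illustration); it binds the value with a placeholder, admits identifiers only from the allow-list, and also shows what actually happens if you try to pass a column name as a parameter:

```python
import sqlite3

# Constructed allow-list of tables and the columns each may expose.
# In a real application this comes from the schema you control, never from input.
ALLOWED_TABLES = {"STUFF": {"id", "info", "owner"}}


def make_db():
    """Create a constructed in-memory sample table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE STUFF (id INTEGER PRIMARY KEY, info TEXT, owner TEXT)")
    conn.executemany(
        "INSERT INTO STUFF (id, info, owner) VALUES (?, ?, ?)",
        [(1, "alpha", "alice"), (2, "beta", "bob")],
    )
    return conn


def quote_ident(name, allowed):
    """Return a quoted SQL identifier, but only if it is on the allow-list.

    Identifiers cannot be bound as parameters, so this check is the only
    thing standing between caller-supplied $field/$table and the query text.
    """
    if name not in allowed:
        raise ValueError(f"identifier not permitted: {name!r}")
    # Double-quote and escape embedded quotes; harmless given the allow-list,
    # but it keeps the generated SQL well-formed for any permitted name.
    return '"' + name.replace('"', '""') + '"'


def select_field(conn, field, table, other_field, value):
    """Safe form of: SELECT $field FROM $table WHERE $other_field = $value.

    Identifiers go through the allow-list; the comparison value is bound.
    """
    cols = ALLOWED_TABLES.get(table)
    if cols is None:
        raise ValueError(f"table not permitted: {table!r}")
    sql = (
        f"SELECT {quote_ident(field, cols)} "
        f"FROM {quote_ident(table, ALLOWED_TABLES)} "
        f"WHERE {quote_ident(other_field, cols)} = ?"
    )
    return [row[0] for row in conn.execute(sql, (value,))]


def identifier_as_parameter(conn):
    """What the 'SELECT $1 FROM $2 WHERE $3=$4' idea really does.

    A bound parameter is a value, so '?' in the select list yields the
    literal string 'info' for each matching row, not the info column.
    """
    return [row[0] for row in conn.execute("SELECT ? FROM STUFF WHERE id = ?", ("info", 1))]


if __name__ == "__main__":
    db = make_db()
    print(select_field(db, "info", "STUFF", "id", 1))          # ['alpha']
    print(select_field(db, "info", "STUFF", "id", "1 OR 1=1"))  # [] : bound as a string, not spliced in
    print(identifier_as_parameter(db))                         # ['info'] : the literal, not the column
    try:
        select_field(db, "info; DROP TABLE STUFF", "STUFF", "id", 1)
    except ValueError as exc:
        print("rejected:", exc)
```

The `"1 OR 1=1"` call returns nothing because the driver sends the string as a value to compare against `id`, which is exactly what parameterizing the $uid case buys you. The identifier case is different in kind: the database engine has to know the table and column names at prepare time, which is why the post's hypothetical `SELECT $1 from $2` rewrite cannot work, and why a fixed allow-list (or a query builder that only accepts schema-derived names) is the practical substitute.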