@@ -75,6 +75,25 @@ Here's a great [tutorial on migrating to PDO for MySQL developers](http://wiki.h
Applications & Frameworks
+When using the MVC framework [CakePHP](http://cakephp.org/), most of your database communication will be abstracted away by the Model API. Still, it is sometimes necessary to perform manual queries, which can be done with [Model::query](http://api.cakephp.org/class/model#method-Modelquery). In order to use prepared statements with that method, you just need to pass an additional array parameter after the SQL query string. There are two variants:
+ // Unnamed placeholders: Pass an array containing one element for each ?
+ 'SELECT name FROM users WHERE id = ? AND status = ?',
+ array($id, $status)
+ // Named placeholders: Pass an associative array
+ 'SELECT name FROM users WHERE id = :id AND status = :status',
+ array('id' => $id, 'status' => $status)
+This behavior is documented in the [CakePHP Cookbook](http://book.cakephp.org/2.0/en/models/retrieving-your-data.html#prepared-statements). (It is described for the `fetchAll()`-method, but `query()` uses `fetchAll()` internally).
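Review bot: The two examples after "There are two variants:" show only the SQL string and the parameter array, with no enclosing `Model::query` call visible around them, so a reader cannot see from the snippet itself that the array is passed as the second argument. Suggest writing each variant as a complete `query(...)` call on a model and setting it off as a code block so it does not run into the surrounding prose. The Cookbook link targets the 2.0 book, so the paragraph should say which CakePHP versions the array parameter applies to. The fact that `query()` uses `fetchAll()` internally is the only thing connecting the linked documentation to this method, so it deserves a full sentence rather than a parenthetical (and the closing period belongs inside the parenthesis or the sentence should be merged). It would also help to add one sentence that placeholders bind values only, so table or column names built from user input still need separate validation.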