"ff_query" is more secure?

[greenreptile]

i have a question about this function : "ff_query"

for insert statements, we can use one of two ways to pass it to db:

1) using ff_query($sql)
2) joomla database functions :

     $database->setQuery ($sql);
     $database->query();


which one is more secure? why?

[Bitsqueezer]

Hi,

this is the contents of the ff_query function:

Code:

function ff_query($sql, $insert=false, $error=FF_DIE)
{
    global $database, $ff_processor;
    if ($ff_processor->dying && $error!=FF_IGNOREDIE) return -1;
    $database->setQuery($sql);
    $database->query();
    if ($database->getErrorNum()) {
        $dienow = $error==FF_DIE;
        $error = $database->stderr();
        if ($dienow) ff_die($error);
    } else {
        $error = null;
        if ($insert) return $database->insertid();
    } // if
    return 0;
} // ff_query

As you can see, it doesn't make more, only tests some more things before.

Cheers,

Christian