From c0973993bdb6b6ea0f428603cc32b30fa43179f2 Mon Sep 17 00:00:00 2001 From: rusher Date: Tue, 27 Mar 2018 14:24:35 +0200 Subject: [PATCH] adding placeholder documentation --- documentation/readme.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/documentation/readme.md b/documentation/readme.md index 656b26d..926de74 100644 --- a/documentation/readme.md +++ b/documentation/readme.md @@ -149,6 +149,25 @@ The [Error](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Gl see [error codes](https://mariadb.com/kb/en/library/mariadb-error-codes/) for error number and sql state signification. +### Placeholder + +To avoid SQL Injection, queries permit using question mark place holder. Values will be escaped accordingly to their type. + +example : +```javascript +connection.query('INSERT INTO someTable VALUES (?, ?, ?)', [1, Buffer.from("D6E742F72", "hex"), 'mariadb']); +//will send INSERT INTO someTable VALUES (1, _BINARY '..B.', 'mariadb'); +``` +The option "namedPlaceholders" permit using named placeholder. +Values must then have the key corresponding to placeholder names. + +(Question mark still is the recommended method, particularly using execute, avoiding query parsing.) + +example : +```javascript +connection.query({namedPlaceholders:true, 'INSERT INTO someTable VALUES (:id, :img, :db)', { id: 1, img: Buffer.from("D6E742F72", "hex"), db: 'mariadb'}); +//will send INSERT INTO someTable VALUES (1, _BINARY '..B.', 'mariadb'); +``` ### Callback results There is 2 different kind of results : a "change" result and a result-set.
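Review bot: the second example in this hunk is not valid JavaScript: `connection.query({namedPlaceholders:true, 'INSERT INTO someTable VALUES (:id, :img, :db)', { id: 1, ...})` places the SQL string inside the options object without a key and never closes that object, so anyone pasting it gets a syntax error instead of a working named-placeholder query. The query text needs its own key in the options object, for instance `connection.query({ namedPlaceholders: true, sql: 'INSERT INTO someTable VALUES (:id, :img, :db)' }, { id: 1, img: Buffer.from("D6E742F72", "hex"), db: 'mariadb' });` (the `sql` key is the connector's usual option name for the query text and is assumed here; confirm against the options reference before merging). Two smaller points in the same hunk: the hex literal "D6E742F72" has an odd number of digits, so Node's hex decoder silently drops the trailing `2` before the 4 bytes shown as `'..B.'` are sent, which is a confusing detail in a section meant to show escaping behaviour; and the prose should read "question mark placeholders", "escaped according to their type" and "The option \"namedPlaceholders\" permits using named placeholders" to match the rest of the readme.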