undefined | Better HN

0 points9dev3y ago0 comments

Read this article for a primer on why PDO is a vastly better choice: https://phpdelusions.net/pdo#why

And the fact that it’s 2023 and we’re somehow ok with the biggest web application there is not using parametrised queries in its core completely stumps me. Time and time again, SQL injection attacks in Wordpress or it’s plugins pop up. PDO with parametrised queries simply eliminates this issue.

0 comments

luckylion3y ago

> PDO with parametrised queries simply eliminates this issue.

True, but plugin authors not caring about using them is the primary issue, and that doesn't change just because wpdb uses a different API under the hood.

9devOP3y ago

No, but nobody will encourage them to. Wordpress has fostered an ecosystem of bad practices that is mostly resistant to change.

j / k navigate · click thread line to collapse