undefined | Better HN

0 pointsberkle44553y ago0 comments

Wow. That is so much code just to avoid calling mysqli_prepare(). And they insist on using a weird printf inspired syntax instead of ? or :field.

0 comments

I suppose it's pretty battle-hardened by now, but I'd be afraid to ever touch that code for fear of introducing a SQL injection.

j / k navigate · click thread line to collapse

I suppose it's pretty battle-hardened by now, but I'd be afraid to ever touch that code for fear of introducing a SQL injection.

j / k navigate · click thread line to collapse