If spammers can abuse something, they gonna abuse it

  • TigrisMorte
    11 year ago

    Please explain how you remain confident of that “SHOULD” when they are not sanitizing the HTML out?

    • Dark Arc
      11 year ago

      Because it’s literally impossible for SQL injection to occur if you do this. The database has already compiled the operation. There’s nothing to escape, there’s no more logic that can be added, you’re free to insert arbitrary gook just like you can into any old array.

      • TigrisMorte
        11 year ago

        “if” carrying a lot of water on this here frog’s back mr. scorpion.
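Added example, not part of the thread: a small Python/SQLite sketch of the two points argued above. A bound parameter stores text containing SQL metacharacters as plain data, while HTML in that same text still needs encoding when it is rendered. The `comments` table, the function names and the sample comment are all constructed for illustration.

```python
import html
import sqlite3

# Constructed sample input: SQL metacharacters plus HTML markup in one comment body.
SAMPLE_COMMENT = "nice post'); DROP TABLE comments; -- <script>alert(1)</script>"


def store_comment(conn, body):
    """Insert with a bound parameter: the statement text is fixed, body is only data."""
    conn.execute("INSERT INTO comments (body) VALUES (?)", (body,))
    conn.commit()


def load_comments(conn):
    """Return stored comment bodies in insertion order."""
    return [row[0] for row in conn.execute("SELECT body FROM comments ORDER BY id")]


def render_raw(body):
    """Interpolates stored text straight into markup; any tags in it stay live."""
    return "<li>" + body + "</li>"


def render_escaped(body):
    """Encodes the stored text for the HTML context at output time."""
    return "<li>" + html.escape(body, quote=True) + "</li>"


def demo():
    """Store the sample, then report what the database and both renderers hold."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)")
    store_comment(conn, SAMPLE_COMMENT)
    stored = load_comments(conn)
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    conn.close()
    return stored, tables, render_raw(stored[0]), render_escaped(stored[0])


if __name__ == "__main__":
    stored, tables, raw, escaped = demo()
    print("tables after insert:", tables)
    print("stored verbatim:", stored[0] == SAMPLE_COMMENT)
    print("raw render:    ", raw)
    print("escaped render:", escaped)
```

The table survives and the text round-trips byte for byte, so the SQL side holds; the raw render still carries the markup, which is the separate output-encoding concern.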