by octover 5927 days ago
I think the point is that it's possible to get past poor programming and filtering. A smart developer would've been aware of intval() and used it instead of mysql_real_escape_string().

I certainly worked with my share of developers with just enough brains to know they need to validate the input and might have done their own regex method to filter instead of relying on far simpler built-in methods. Prepared statements being the next step up.
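The three approaches the comment contrasts, as an added PHP example that is not the commenter's own code. It assumes the pdo_sqlite extension so it runs offline, and uses addslashes() as a stand-in for mysql_real_escape_string() (removed in PHP 7): both escape quotes and backslashes but leave a bare numeric tail untouched.

```php
<?php
// Added example (not from the original comment). Runs against an in-memory
// SQLite database through PDO; addslashes() stands in for
// mysql_real_escape_string(), which escapes quotes and backslashes only.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// Constructed untrusted input: supposed to be a numeric id, but it carries
// a tail that contains nothing an escaping function would touch.
$input = '1 OR 1=1';

// 1. Escape-only, unquoted numeric context: there is nothing to escape, so
//    the tail survives into the SQL text and every row comes back.
$escaped = addslashes($input);
$rows = $db->query("SELECT name FROM users WHERE id = $escaped")
           ->fetchAll(PDO::FETCH_COLUMN);
printf("escape-only: %d row(s) %s\n", count($rows), json_encode($rows)); // 2 rows

// 2. intval(): the input is coerced to an integer before it reaches the
//    query, so only the leading digits remain and the query is well-formed.
$id = intval($input); // 1
$rows = $db->query("SELECT name FROM users WHERE id = $id")
           ->fetchAll(PDO::FETCH_COLUMN);
printf("intval():    %d row(s) %s\n", count($rows), json_encode($rows)); // 1 row

// 3. Prepared statement: the value is bound as a parameter and never spliced
//    into SQL text, so it is compared as a literal and matches no id at all.
$stmt = $db->prepare('SELECT name FROM users WHERE id = :id');
$stmt->execute([':id' => $input]);
$rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
printf("prepared:    %d row(s) %s\n", count($rows), json_encode($rows)); // 0 rows
```

The first query returns both rows because the escaping step had nothing to change; intval() narrows the input to a single integer, and the bound parameter keeps the input out of the SQL text entirely.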