by xytop
3487 days ago
!!! The PHP MySQL extension doesn't support placeholders, so everyone has to escape params before mysql_query and then put the escaped params inside the query string.
Of course, if mysqli or PDO is used, then placeholders need to be used, but in the other case there is actually no choice for the developer.
So I'd rather not call most of those "vulnerabilities".