by guitarbill
3460 days ago
Education can go a long way. If you check the PHP PDO docs [0], the fact that prepared statements make SQL injection possible is only the second most important fact for them. The documentation for PDO::prepare does not mention this fact at all. It just says you can use placeholders. Great.

Or just use an ORM. They have a bad reputation, but SQLAlchemy + Python is an awesome combo. But because of language features, PHP ORMs aren't quite as seamless.

[0] https://secure.php.net/manual/en/pdo.prepared-statements.php
[1] https://secure.php.net/manual/en/pdo.prepare.php
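Added example, not part of the comment above and not taken from the PHP manual: the same lookup written with string concatenation and with `PDO::prepare` placeholders, plus the case placeholders do not cover (a column name, which goes beyond what the comment discusses). The table, the input string and the function names are constructed for illustration, and an in-memory SQLite database (the `pdo_sqlite` driver) is assumed.

```php
<?php
// Constructed data in an in-memory SQLite database, so nothing external is needed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)');
$pdo->exec("INSERT INTO users (name, is_admin) VALUES ('alice', 0), ('root', 1)");

// Constructed untrusted input: a value that contains SQL syntax.
$input = "nobody' OR '1'='1";

// Vulnerable form: the input is pasted into the SQL text, so its quote
// closes the string literal and the rest is parsed as part of the query.
function findConcatenated(PDO $pdo, string $name): array
{
    $sql = "SELECT name FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the statement text is fixed, and the input is bound to the
// :name placeholder as a value, so it is only ever compared as data.
function findPrepared(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Placeholders bind values, not identifiers. A caller-chosen sort column
// has to be checked against a fixed allow-list before it reaches the SQL text.
function listSorted(PDO $pdo, string $column): array
{
    $allowed = ['id', 'name'];
    if (!in_array($column, $allowed, true)) {
        throw new InvalidArgumentException('unsupported sort column');
    }
    return $pdo->query("SELECT name FROM users ORDER BY $column")
               ->fetchAll(PDO::FETCH_COLUMN);
}

// Compare what each form returns for the same input.
var_dump(findConcatenated($pdo, $input));
var_dump(findPrepared($pdo, $input));
var_dump(findPrepared($pdo, 'alice'));
var_dump(listSorted($pdo, 'name'));
```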