The best hosting in the world can’t save you from top down bat shit crazy engineering decisions.

Who needs prepared statements and parameterised queries when you can just roll your own string escaping mechanism?