by hu3
1877 days ago
PHP has supported SQL parameter binding for at least 17 years now. It's the standard way to execute SQL queries and it replaces any usage of mysql_escape() or related functions.

It seems your criticism towards PHP is the use of legacy code which is kept for backwards compatibility. No sane person in the industry writes code like that. Those who do would have concatenated user input to SQL queries in any language anyway, be it Java, C# or whatever fancies your boat.

https://phptherightway.com/#databases

In my view, PHP's most glaring problem is the often outdated negative image it carries outside its industry. But that's to be expected when a technology is 25 years old while striving for backwards compatibility.

Edit: found the link https://w3techs.com/technologies/details/pl-php