Hacker News
by
berkle4455
1214 days ago
Wow. That is so much code just to avoid calling mysqli_prepare(). And they insist on using a weird printf-inspired syntax instead of ? or :field.
1 comments
tyingq
1214 days ago
I suppose it's pretty battle-hardened by now, but I'd be afraid to ever touch that code for fear of introducing a SQL injection.