by ameliaquining 344 days ago
Escaping isn't always straightforward. Or rather, it is in simple languages or in languages that are designed to make it straightforward, like HTML, but in SQL it's surprisingly tricky, and subtle bugs in escaping routines are an occasional source of vulnerabilities. E.g., https://stackoverflow.com/a/12118602. This is why modern best security practice is to use parameterized statements instead.
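An added illustration of the point above (example code, not part of the comment or of the linked answer): escaping rules depend on the database dialect, so a hand-written escaper that is correct for one engine can silently produce a wrong query on another, whereas a parameterized statement hands the value to the driver as data and never goes through the string-quoting rules at all. The `mysql_style_escape` helper, the `users` table and the sample names are constructed for this example; it runs against an in-memory SQLite database, which, unlike MySQL's default mode, has no backslash escapes.

```python
import sqlite3

# Constructed sample data: names containing the characters an escaping
# routine has to reason about (quote, backslash, semicolon, comment marker).
SAMPLE_NAMES = ["O'Brien", "back\\slash", "semi;colon", "dash--comment"]


def _make_db():
    """Create an in-memory SQLite table holding SAMPLE_NAMES (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [(n,) for n in SAMPLE_NAMES])
    return conn


def mysql_style_escape(value):
    """Hypothetical hand-rolled escaper modelled on MySQL-style quoting:
    doubles backslashes and single quotes. SQLite treats a backslash as an
    ordinary character, so the doubled backslash becomes part of the value
    being compared and the lookup quietly stops matching."""
    return value.replace("\\", "\\\\").replace("'", "''")


def lookup_with_escaping(conn, name):
    """Build the query by string formatting after escaping the value."""
    sql = "SELECT COUNT(*) FROM users WHERE name = '%s'" % mysql_style_escape(name)
    return conn.execute(sql).fetchone()[0]


def lookup_parameterized(conn, name):
    """Same lookup, with the value passed as a bound parameter."""
    return conn.execute(
        "SELECT COUNT(*) FROM users WHERE name = ?", (name,)
    ).fetchone()[0]


def compare(names=SAMPLE_NAMES):
    """Return {name: (rows found via escaping, rows found via parameter)}.

    Every name is present exactly once, so a correct lookup returns 1.
    A 0 in the first position means the escaper mangled the value for
    this dialect; the parameterized lookup returns 1 for every input.
    """
    conn = _make_db()
    try:
        return {
            n: (lookup_with_escaping(conn, n), lookup_parameterized(conn, n))
            for n in names
        }
    finally:
        conn.close()


if __name__ == "__main__":
    for name, (escaped, bound) in compare().items():
        print(f"{name!r:20} escaping={escaped} parameterized={bound}")
```

The escaper gets the quote case right and still returns the wrong answer for the backslash case, with no error raised; that is the kind of silent, dialect-dependent mistake the comment is pointing at, and the bound-parameter version has no such rule to get wrong.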