by matsemann
347 days ago
There are so many foot guns, just don't do it. PHP users tried with addslashes(), realized there are cases it can't handle, made a SQL variant in mysql_escape_string, realized it's open for abuse since you can mess with the character set. Then made mysql_real_escape_string and later mysqli_real_escape_string, and even those have some flaws depending on the db charset. So if you find the concept easy, I'd wager it's because you don't handle some exploit path.