by chuckadams
96 days ago
SQL injection is prevented by using database APIs properly, not sanitizing. Put all the malicious SQL you want in a query string; if it's passed as a bound parameter to a prepared query, it's only ever going to be a plain string. You might sanitize for different reasons like business logic, but if it's your first line of defense against SQL injection, you're already on the losing side.
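An added example (not chuckadams's code) showing the point with Python's built-in sqlite3 module: the same input is parsed as SQL when concatenated into the query text, but stays a plain string when passed as a bound parameter. The table, its rows and the input value are constructed for the demo.

```python
import sqlite3

# Constructed sample database: an in-memory SQLite table with two users.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn

def lookup_concat(conn, name):
    """Vulnerable: the input is spliced into the SQL text and parsed as SQL."""
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]

def lookup_bound(conn, name):
    """Safe: the input travels as a bound parameter; the SQL text is fixed."""
    return [row[0] for row in
            conn.execute("SELECT name FROM users WHERE name = ?", (name,))]

def round_trip(conn, value):
    """Store a value via a bound parameter and read it back unchanged."""
    conn.execute("INSERT INTO users VALUES (?, ?)", (value, "user"))
    row = conn.execute("SELECT name FROM users WHERE name = ?",
                       (value,)).fetchone()
    return row[0]

# Constructed input that contains SQL syntax (quote and boolean clause).
PAYLOAD = "x' OR 'a'='a"

def demo():
    conn = make_db()
    return {
        # Concatenation: the clause becomes part of the WHERE and matches all rows.
        "concat": lookup_concat(conn, PAYLOAD),
        # Bound parameter: compared as the literal string, matches nothing.
        "bound": lookup_bound(conn, PAYLOAD),
        # Bound parameter with an ordinary value still works as expected.
        "bound_literal": lookup_bound(conn, "alice"),
        # The payload is stored and returned verbatim, never executed.
        "stored": round_trip(conn, PAYLOAD),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```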