by ecopoesis
4687 days ago
How the hell do deadlines have anything to do with SQL injection? Writing

$stmt = $dbh->prepare("SELECT * FROM users WHERE USERNAME = $username AND PASSWORD = $password");
$stmt->execute();

vs

$stmt = $dbh->prepare("SELECT * FROM users WHERE USERNAME = ? AND PASSWORD = ?");
$stmt->execute(array($username, $password));

adds no time or effort. SQL Injection happens because devs haven't been taught to do the right thing or are too dumb to remember to do the right thing. Both conditions are easy to fix: teach the first group, fire the second.
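The contrast the comment draws, as an added example that is not part of the thread: the same login query written the two ways, in Python with the standard-library sqlite3 module instead of the PHP/PDO of the comment. The in-memory users table, its two rows, and the three inputs are constructed here for illustration; the function names are the example's own.

```python
import sqlite3

# Constructed sample data for the example; not from the original thread.
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Build a throwaway in-memory database with a users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_interpolated(conn, username, password):
    """Mirrors the first snippet in the comment: caller input pasted into the SQL text.

    Whatever the user typed becomes part of the statement, so quotes in the input
    change the query's structure instead of being compared as data.
    """
    sql = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return sorted(row[0] for row in conn.execute(sql))


def login_parameterized(conn, username, password):
    """Mirrors the second snippet: placeholders in the SQL, values bound by the driver.

    The statement text is fixed; the driver passes the values separately, so the
    input can never be parsed as SQL. Same number of lines as the version above.
    """
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (username, password)))


def compare(username, password):
    """Run one login attempt both ways and return (interpolated_result, parameterized_result).

    If the interpolated query fails to parse, its result is reported as an error
    string rather than raising, so the two behaviours can be compared side by side.
    """
    conn = make_db()
    try:
        unsafe = login_interpolated(conn, username, password)
    except sqlite3.Error as exc:
        unsafe = f"error: {exc}"
    safe = login_parameterized(conn, username, password)
    conn.close()
    return unsafe, safe


if __name__ == "__main__":
    # Valid credentials: both queries agree.
    print(compare("alice", "s3cret"))
    # A legitimate name containing an apostrophe: the interpolated query is a
    # syntax error, the parameterized one simply finds no match.
    print(compare("O'Brien", "x"))
    # The textbook tautology in the password field: the interpolated query's
    # WHERE clause is rewritten and returns every user; the parameterized query
    # compares the literal string and returns nothing.
    print(compare("alice", "' OR '1'='1"))
```

Running the script prints one tuple per case; the third case is the whole argument of the comment in two lines of output, with the only difference between the two functions being where the values go.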