How many years is it going to take before people finally realise that 'preparing' SQL statements and 'binding' parameters is the only sane way to perform queries in a 'safe' way?
(We're like in 2010 and I still see a lot of garbage examples being made... *vent frustration*)
SQL parameter binding
- social_experiment
- DevNet Master
- Posts: 2793
- Joined: Sun Feb 15, 2009 11:08 am
- Location: .za
Re: SQL parameter binding
Probably when their sites get exploited; IMO (some) people only learn from experience brought on by a traumatic crack. Or when they start to read: many (if not all) books, PDFs and sites advocate preparing SQL statements.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
Re: SQL parameter binding
timvw wrote:
How many years is it going to take before people finally realise that 'preparing' SQL statements and 'binding' parameters is the only sane way to perform queries in a 'safe' way?

Not until there would be a way in the MySQL client-server protocol to do this without serious performance degradation.
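An added illustration of the point timvw makes in the opening post (example code written for this page, not posted by anyone in the thread): the same lookup written once by pasting input into the SQL text and once with bound parameters. It uses Python's sqlite3 module and constructed sample users; the user name containing an apostrophe is enough to show that concatenated input becomes part of the statement's syntax, while the bound version treats it purely as data.

```python
import sqlite3

# Constructed sample data, not from the thread.
SEED_USERS = [("alice", "s3cret"), ("o'brien", "hunter2")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SEED_USERS)
    return conn


def login_concat(conn, name, password):
    """The pattern the thread complains about: input pasted into SQL text."""
    sql = "SELECT name FROM users WHERE name = '%s' AND password = '%s'" % (
        name, password)
    return sorted(row[0] for row in conn.execute(sql))


def login_bound(conn, name, password):
    """Prepared statement with bound parameters: the statement text is fixed
    and the driver hands the values to the engine separately, so a quote in
    the data can never become part of the SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (name, password)))


def compare(name, password):
    """Run both versions on the same input; report an error instead of raising."""
    conn = make_db()
    try:
        concat = login_concat(conn, name, password)
    except sqlite3.Error as exc:
        # The apostrophe in the data terminated the string literal early.
        concat = "error: %s" % exc
    return {"concat": concat, "bound": login_bound(conn, name, password)}


if __name__ == "__main__":
    print(compare("alice", "s3cret"))
    print(compare("o'brien", "hunter2"))
```

For "alice" both versions agree; for "o'brien" the concatenated query fails with a syntax error because the data changed the statement, which is the same mechanism an attacker exploits, while the bound query returns the correct row.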