(stitcher.io)

201 points brentroose | 1 comments | 20 Nov 25 06:07 UTC | HN request time: 0s | source

Show context

yupyupyups ◴[20 Nov 25 13:44 UTC] No.45992465[source]▶

Is PHP still unhelpful when it comes to writing secure code?

I remember when escaping SQL input data was "the correct way" to use your mysql database. Parametrization? Nah, just use mysql_escape_string or whatever it was called.

replies(4): >>45992563 #>>45992566 #>>45992581 #>>45992594 #

1. g105b ◴[20 Nov 25 13:54 UTC] No.45992566[source]▶

>>45992465 #

SQL named parameters was a feature introduced into PHP on 24th Nov 2005, with the release of PHP 5.1.0.

↑

PHP 8.5