(stitcher.io)

202 points brentroose | 1 comments | 20 Nov 25 06:07 UTC | HN request time: 0.201s | source

Show context

yupyupyups ◴[20 Nov 25 13:44 UTC] No.45992465[source]▶

Is PHP still unhelpful when it comes to writing secure code?

I remember when escaping SQL input data was "the correct way" to use your mysql database. Parametrization? Nah, just use mysql_escape_string or whatever it was called.

replies(4): >>45992563 #>>45992566 #>>45992581 #>>45992594 #

1. amiga-workbench ◴[20 Nov 25 13:57 UTC] No.45992594[source]▶

>>45992465 #

You use PDO and prepared statements. Although realistically, you are going to be using a framework and some kind of Active Record pattern.

↑

PHP 8.5