If spammers can abuse something, they gonna abuse it

  • Dark ArcA
    link
    fedilink
    English
    arrow-up
    1
    ·
    11 months ago

    Because it’s literally impossible for SQL injection to occur if you do this. The database has already compiled the operation. There’s nothing to escape, there’s no more logic that can be added, you’re free to insert arbitrary gook just like you can into any old array.