If spammers can abuse something, they gonna abuse it

  • TigrisMorte@kbin.social
    link
    fedilink
    arrow-up
    1
    arrow-down
    1
    ·
    9 months ago

    Please explain how you remain confident of that “SHOULD” when they are not sanitizing the HTML out?

    • Dark ArcA
      link
      fedilink
      English
      arrow-up
      1
      ·
      9 months ago

      Because it’s literally impossible for SQL injection to occur if you do this. The database has already compiled the operation. There’s nothing to escape, there’s no more logic that can be added, you’re free to insert arbitrary gook just like you can into any old array.