+ 2
When you are writing SQL
Please write SQL in prepare statement, with users inputs as parameters. Don't use String concate to run SQL command because it may make hacker using SQL injection to attack your DataBase
1 Respuesta
+ 3
isn't that where the quote functions jumps in?