+ 2

When you are writing SQL

Please write SQL as prepared statements, with user inputs as parameters. Don't use string concatenation to run SQL commands, because it may let a hacker use SQL injection to attack your database.

1st May 2017, 5:38 AM
黃冠融
1 Answer
+ 3
Isn't that where the quote functions jump in?
1st May 2017, 6:05 AM
Harm Zeinstra