DragonTechMC / DTPunishment

Sponge API 5/7 - Punishment and Chat Filter Plugin
http://www.dragontechmc.com/

Fix security issues. #37

Open ryantheleach opened 7 years ago

ryantheleach commented 7 years ago

https://stackoverflow.com/questions/1582161/how-does-a-preparedstatement-avoid-or-prevent-sql-injection

ryantheleach commented 7 years ago

I had some Sponge staff take a look over my changes.

This wasn't actually exploitable yet, but I felt like it was close enough that it should be nipped in the bud before someone copies and pastes yet another query and creates one with a variable ban reason, or player name or something.
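
The copy-and-paste risk raised in this thread, as an added example (not DTPunishment's code and not written by anyone in the issue): a query built by concatenating a ban reason next to the same insert with bound parameters. It uses Python's `sqlite3` and its `?` placeholders as a stand-in for the JDBC `PreparedStatement` the linked answer describes; the table, function names and inputs are constructed for illustration.

```python
import sqlite3

def new_db():
    # Constructed table for illustration; not DTPunishment's own schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bans (player TEXT, reason TEXT, permanent INTEGER)")
    return db

def ban_concatenated(db, player, reason):
    """'Before' pattern: caller-supplied text is spliced into the SQL string."""
    db.execute("INSERT INTO bans (player, reason, permanent) "
               "VALUES ('" + player + "', '" + reason + "', 0)")

def ban_parameterized(db, player, reason):
    """Hardened pattern: the SQL text is constant and values are bound to ?."""
    db.execute("INSERT INTO bans (player, reason, permanent) VALUES (?, ?, 0)",
               (player, reason))

def rows(db):
    return db.execute("SELECT player, reason, permanent FROM bans").fetchall()

def demo():
    # Constructed inputs: an ordinary apostrophe, and a reason that ends the
    # string literal early and supplies its own value for `permanent`.
    plain, crafted = "don't grief spawn", "spam', 1) --"
    results = {}

    db = new_db()
    try:
        ban_concatenated(db, "Steve", plain)
        results["concat_plain"] = "stored"
    except sqlite3.OperationalError:
        results["concat_plain"] = "syntax error"  # the apostrophe broke the SQL
    ban_concatenated(db, "Alex", crafted)
    results["concat_rows"] = rows(db)  # reason truncated, permanent flipped to 1

    db = new_db()
    ban_parameterized(db, "Steve", plain)
    ban_parameterized(db, "Alex", crafted)
    results["param_rows"] = rows(db)  # both reasons stored verbatim, permanent 0
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The concatenated version fails on a harmless apostrophe and lets the reason text decide the value of another column, while the bound version treats both inputs purely as data.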