OpenSprites / OpenSprites-Origin

The original OpenSprites website, written in PHP. Discontinued - remains for historical reasons. See OpenSprites-Next for the new generation of Scratch resource sharing.
MIT License
19 stars 9 forks

Use prepared statements #176

Closed robinp7720 closed 9 years ago

robinp7720 commented 9 years ago

PDO and mysqli both support them. This is open to serious SQL injection!

MegaApuTurkUltra commented 9 years ago

As the main backend author, I can tell you that there is no danger of SQL injection.