lwerdna / bugtrack

bughouse rating and tracking software
GNU General Public License v3.0

Security improvements #15

Open thompGIT opened 12 years ago

thompGIT commented 12 years ago

Add code to validate inputs and to protect the SQLite backend.

lwerdna commented 12 years ago

also, convert statements to use "prepared statements" AKA "parameterized queries"

lwerdna commented 12 years ago

uses prepared statements now

some simple regex checks ensuring that names consist only of word characters, and scores/rds/times consist only of digit characters should finish this one off
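
The two layers discussed in this issue, regex validation in front of parameterized queries, sketched as an added example using Python's `sqlite3` module. This is not bugtrack's own code: the `results` table, its columns, and the field names `name`, `score`, `rd`, `time` are assumptions made for illustration.

```python
import re
import sqlite3

# Hypothetical field names and schema, assumed for this example.
NAME_RE = re.compile(r"\w+", re.ASCII)    # word characters only: [A-Za-z0-9_]
DIGITS_RE = re.compile(r"\d+", re.ASCII)  # digit characters only: [0-9]


def validate(fields):
    """Return (name, score, rd, time), numbers as int, or raise ValueError."""
    name = fields.get("name", "")
    # fullmatch, not match() with "$": "$" also accepts a trailing newline
    if not NAME_RE.fullmatch(name):
        raise ValueError("name: word characters only")
    numbers = []
    for key in ("score", "rd", "time"):
        value = fields.get(key, "")
        if not DIGITS_RE.fullmatch(value):
            raise ValueError(key + ": digits only")
        numbers.append(int(value))
    return (name, *numbers)


def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE results (name TEXT, score INTEGER, rd INTEGER, time INTEGER)")
    return db


def store(db, fields):
    # Placeholders bind the values as data; they never become SQL text
    db.execute("INSERT INTO results VALUES (?, ?, ?, ?)", validate(fields))


def demo():
    db = open_db()
    store(db, {"name": "alice", "score": "1500", "rd": "350", "time": "1350000000"})
    rejected = []  # the inputs below are constructed for this example
    for bad in ({"name": "x' OR '1'='1", "score": "1", "rd": "1", "time": "1"},
                {"name": "bob\n", "score": "1", "rd": "1", "time": "1"},
                {"name": "carol", "score": "-5", "rd": "1", "time": "1"}):
        try:
            store(db, bad)
        except ValueError as exc:
            rejected.append(str(exc))
    # Second layer: a quote-bearing string bound to "?" is stored literally
    db.execute("INSERT INTO results VALUES (?, 0, 0, 0)", ("x' OR '1'='1",))
    names = [r[0] for r in db.execute("SELECT name FROM results ORDER BY name")]
    return rejected, names
```

`demo()` returns the validation errors for the three malformed inputs and the names actually stored, showing that the quote-bearing string ends up as an ordinary row value when bound through a placeholder.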