mavinoo / laravelBatch

insert batch and update batch in laravel
MIT License

How about binding parameters? #109

Closed sasha172017 closed 4 months ago

sasha172017 commented 4 months ago

How about binding parameters? It allows SQL injection now. It is dangerous.

mavinoo commented 4 months ago

Yes, using bound parameters to prevent SQL injection is crucial. By using bound parameters, input data is properly filtered and sanitized, and if necessary, translated. Without using bound parameters, the system is vulnerable and at risk from a security standpoint. It's always better to ensure that input data is properly filtered and sanitized and to use bound parameters. However, in this package, the mysql_escape method is used to prevent at least some malicious inputs.

https://github.com/mavinoo/laravelBatch/blob/d931f44316ee35747933b339b7cc9b96a162f6be/src/Common/Common.php#L13
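The bound-parameter approach the reply recommends, as an added example that is not the package's own code: the batch UPDATE is built with `?` placeholders so values are never concatenated into the SQL text. The `CASE ... WHEN` shape of the query is an assumption about how a batch update is typically formed; `batchUpdate`, the identifier allow-list and the demo data are constructed for this example.

```php
<?php
// Added example, not the laravelBatch package's own code: a batch UPDATE of the shape
// SET col = CASE key WHEN .. THEN .. END WHERE key IN (..), built so that every value
// travels as a bound parameter. Assumes PDO with the SQLite driver is available.
function batchUpdate(PDO $pdo, string $table, string $key, array $rows): int
{
    if ($rows === []) {
        return 0;
    }
    // Identifiers cannot be bound, so they are allow-listed to a safe charset and quoted.
    $ident = function (string $name): string {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
            throw new InvalidArgumentException("Unsafe identifier: {$name}");
        }
        return '"' . $name . '"';
    };
    $bindings = [];
    $setParts = [];
    foreach (array_keys($rows[0]) as $column) {
        if ($column === $key) {
            continue;
        }
        $cases = '';
        foreach ($rows as $row) {
            $cases .= ' WHEN ? THEN ?';          // key value, then the new column value
            $bindings[] = $row[$key];
            $bindings[] = $row[$column];
        }
        $setParts[] = $ident($column) . ' = CASE ' . $ident($key) . $cases
                    . ' ELSE ' . $ident($column) . ' END';
    }
    $keys = array_column($rows, $key);
    $sql = 'UPDATE ' . $ident($table) . ' SET ' . implode(', ', $setParts)
         . ' WHERE ' . $ident($key) . ' IN (' . implode(', ', array_fill(0, count($keys), '?')) . ')';
    $stmt = $pdo->prepare($sql);                 // values are sent separately from the SQL text
    $stmt->execute(array_merge($bindings, $keys));
    return $stmt->rowCount();
}
// Constructed demo data on an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, age INTEGER)');
$pdo->exec("INSERT INTO users VALUES (1, 'alice', 30), (2, 'bob', 40), (3, 'carol', 50)");
// The quote in "O'Brien" would corrupt a query assembled by concatenation; bound, it is stored literally.
$updated = batchUpdate($pdo, 'users', 'id', [
    ['id' => 1, 'name' => 'alice2',  'age' => 31],
    ['id' => 2, 'name' => "O'Brien", 'age' => 41],
]);
printf("%d rows updated; id 2 is now %s\n", $updated,
    $pdo->query('SELECT name FROM users WHERE id = 2')->fetchColumn());
```

Run with `php example.php`; the row for id 3 is untouched because the `ELSE` branch keeps the existing value and the `WHERE ... IN` list only names the keys being updated.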