Riley Spier-Swenson
Riley Spier-Swenson
or, in sort: mysql_real_escape_string is only for strings. not numbers.
But, they aren't.
But, they aren't. The argument is always that you can't forget to escape with parameterized queries. ie, you can't make mistakes. That's not even true, all it takes is one...
Linking me to some long ass article or some hard to quickly digest powerpoint is going to do nothing. Explain what is actually wrong with escaping so I can smack...
> (re your example: no, it certainly won't save you if you try and parameterise a table name! Bad idea. My example is the chain of ifs that dynamically build...
That was directed at andy.
The point is you're wrong. Neither is objectively better
>AND it supports (in a very fragile and incomplete manner) viewing literally through someone else's eyes, including their plane masters. This is very useful, because it means you can debug...
I don't even have a public key file for the tgstation-server account, and I don't even know how to generate one (i bet it isn't hard, but i'm just not...
That was intentional