You're viewing a single thread.
96 comments
They should use parameterized queries, not sanitization.
Technically, a parameterized query is just doing sanitization for you. Or does escaping not count as sanitizing?
Although nothing wrong with sanitizing yourself then using parameterized queries. Never know if the API has a bug.
96 comments