
"Prepared statements? PHP is actually more secure..."

The most commonly used module for MySQL access, mysql (not mysqli for some reason), does not support bound-parameter prepared statements, instead opting for some very funky string escaping business.

Prepared statements are generally the only supported SQL mechanism in other languages/platforms I have used (C, Perl, Ruby, Java, COBOL...).
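
The difference the comment describes, as an added example that is not part of the original comment: the same lookup built once with string escaping and once with a bound parameter. It assumes PDO with in-memory SQLite in place of MySQL so it runs without a server; the table, data, inputs and the `escape_string` helper are constructed for illustration.

```php
<?php
// Added example. Constructed schema and data; in-memory SQLite through PDO
// stands in for MySQL so the script runs without a database server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Hypothetical stand-in for a driver's escaping function: doubles single
// quotes, which is the correct escape for a SQLite string literal.
function escape_string(string $s): string
{
    return str_replace("'", "''", $s);
}

// Escaping style: the value is escaped, then spliced into the SQL text.
// Escaping only helps inside a quoted literal; the quotes were left off this
// numeric field, so whatever the caller sends is parsed as SQL.
function find_by_escaping(PDO $db, string $id): array
{
    $sql = 'SELECT name FROM users WHERE id = ' . escape_string($id);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Bound-parameter style: the SQL text is fixed at prepare time and the value
// travels separately, so it can only ever be compared as data.
function find_by_binding(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT name FROM users WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal id, and one that contains SQL but no quote
// character, so the escaping function has nothing to change.
foreach (['2', '0 OR 1=1'] as $input) {
    printf(
        "input %-10s escaping: %d row(s)  binding: %d row(s)\n",
        "'$input'",
        count(find_by_escaping($db, $input)),
        count(find_by_binding($db, $input))
    );
}
```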



